Overview

overview

8

Static

static

7

f39b8ed57b...13.exe

windows7-x64

8

f39b8ed57b...13.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    05/10/2023, 07:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f39b8ed57bbe1562ea2221222afe515ff50629ae7517e5aa440a05393cd3f713.exe

  • Size

    1.3MB

  • MD5

    00430a8d9ebf77e2d1f0ecb0ab10a686

  • SHA1

    64ef9d68c7392bb9bb33e459219de135157d6cde

  • SHA256

    f39b8ed57bbe1562ea2221222afe515ff50629ae7517e5aa440a05393cd3f713

  • SHA512

    20167a0f0fb582e9a445fe5575a4067732d659d56c77e83f11f65eef00b6a2b38bc7e1b7091ed79399a902c35fbfbcf26d1f40d3f3d6eb2db87d9bc58cba2389

  • SSDEEP

    24576:Qak/7Nk4RZL3CKZu0zoFmDcpii9iGn+66rLfJIgtEqPILWz8oDqE:Qak/xrZu+k0WdEacJRIo+E

Score
8/10
discoveryspywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f39b8ed57bbe1562ea2221222afe515ff50629ae7517e5aa440a05393cd3f713.exe
    "C:\Users\Admin\AppData\Local\Temp\f39b8ed57bbe1562ea2221222afe515ff50629ae7517e5aa440a05393cd3f713.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2060
    • C:\Users\Admin\AppData\Local\Temp\f39b8ed57bbe1562ea2221222afe515ff50629ae7517e5aa440a05393cd3f713.exe
      "C:\Users\Admin\AppData\Local\Temp\f39b8ed57bbe1562ea2221222afe515ff50629ae7517e5aa440a05393cd3f713.exe" Master
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2428
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2620
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2620 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2800

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bc0f5a1cca9c647707607c6da9bc14ee

    SHA1

    1cb3d6332349d8a202c4d4792aad2758bff625cf

    SHA256

    da6b40ff4aac559e0d4e1311912ae4bc9576c6798dee07c9638a9d7994df31c7

    SHA512

    bfbde686fee30adfc09cd3ded629f8382cf6520c4b9a65d0856c618583ce0f6fe1d1de80d86adf95be227ca9e6543ce084c61588853fcdab28ac9f79e3524863

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e9cbf5ae5fcc8aea80c5d869ac825a2e

    SHA1

    c6a44a9c7ac6f86786e5832b4744f5208881db77

    SHA256

    48b0ba108853fe06d080ce9c3773a912149298c7a1356993f6fd5f915491c57d

    SHA512

    cee7717b848c125bf89e845613bf4d31c8d45556a096e130c8c44aa70d7ff58019ea4c9e7efe6dd665fbff9402e071dc02ae17174410ce912363be2173490a8f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9706ebdc90e8621e89e9c56f9221b075

    SHA1

    dc1affbb77fa942518116b125144278106d7f3a3

    SHA256

    39145aff80ccb3b6d6e24f6b09f7c4ba9a7be132fc17f449525c0f4d1aa7e58f

    SHA512

    fe5781a967fc3374b923b4eed7784f1ff165ca2547bba9284cd7a355537d8becb310b0c61018cfb5bebb502dde6ff6424409bd4e0460200fd4cbb89642d4f185

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cfb66111cfd4bc91a80f82453e508df0

    SHA1

    8e07bd4691d165468c782f6a960c1f9a1a441a40

    SHA256

    0b0ca2f03ff3fb1dac2a2755fe8193af8c2afdae2d4f88ff6c677c4260e7a040

    SHA512

    7cf809ba0be0064ee274b5bced1ac7e3f484b470b68fbe36bfb5350eb646cfc1698d5547de6aade5993a1698e85dcb73e6587e84540b577c3bdb0143b7a8af96

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    23715669fc4b74892332e0ef99fe7960

    SHA1

    73b5bf81874f7f6d5adbda6da16d01a53e259bf9

    SHA256

    66937d94436b8f1fcdc58b5d4bccc8307d0337df9a8c3b90b07783feaefebae2

    SHA512

    28ead1191d327a161e43c4c8925747f52e5fc9319178c9cde1059c735099d436911d966d352b765a53996544b31c88f664006e497873ddb7b52aaabce4b222f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    54a833a3febd98ffdab19a050f31943e

    SHA1

    dfe985af846f8a5ca0e67f0b6c9782dda292f1d3

    SHA256

    f3baed2715fdd04d9ab63e4b08a868a3d484ef357fd9f0e94171dc46de93f5bd

    SHA512

    034cd9d178f4a0a638601b3a06b1fe46648e7dc6d674c3f3c3cdccbb707d4948935e611d7cd3564557f14725aafcc2d7f1854926956ac4ec89188301de259a13

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    434bb12bbd573c7507ee9be8f96a0531

    SHA1

    929bdb71790662de20a79a430cbdc402efb289ca

    SHA256

    27cce34f810c69a264c0704b667d207d2e6c9065faad90127e1eb9a68afa500e

    SHA512

    6e12573885b317f6dd2e6141376c0c0513942f95a17fc8538cd9821b6c3ab2fd2b86e8f0c004b3f843b81255a69bc21365c44703442f9acf9d35337ca01fc238

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    267048c668f93bac7f9df00e044868f8

    SHA1

    eb8b10243620702e05a4f326beb09d718dc8f304

    SHA256

    d5141c03809f7d4cf2387ce4b9b44330ad7f93e8c9b178c34bb90c96e10dbeca

    SHA512

    65b868a916ad02c6b36ea0a57857f4306d2aef9c8ea67ac34bb1ed6fabe6c67a8de05743e0d133de8be4e8f2fddba66822eb4593bd2d5da2cae84ca463248d42

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b9e5c666173e10e7aae8c45e3558b2cb

    SHA1

    14e8a8a04ccae39c63b70ec2cf86d78f8ada0ba6

    SHA256

    2ae06a2a655834886d84173fb0749af6700a1a2d3fca9c2bb1b1175e610e8c6f

    SHA512

    5ca9843547ff0ad8b2e2c36bf011d38fc893712e3189e87c74c86880c9d2f41d2c296a9676c3802289bf5afc0b2737976b654304316401c4d449477e31fd8110

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eec68d79317a22aa2a1ee2ee12a45edb

    SHA1

    b1ac948b54b8bd02bad2ef183029063b35aa9b2e

    SHA256

    726df3c36c6e2f07b40320d3e15f425b87a0d7b0d3c6565a728fef318a18dc9f

    SHA512

    c711bc9dc0d3d616b7fa9425707867310f72c71799ae71a0ed7502140a726be82df069c21e1aae1d88b84e07ca8e5ab096e3e3bce5dc19df23e66ed43739822a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7ca122aa456c0eee7bf4fcf5a90a0498

    SHA1

    9e1a5249a39bd6998545ce16d7ae6bc603fdc117

    SHA256

    e5e2dde9f951838d15b68d6ec30e94200acee53c9627082458f02b18f63dc45f

    SHA512

    4fdf6df320a14c58ce5d02736beab435b82893477e5bf08721c5edbec373083b7f4f47740c05e24d038746140b400cd57454425b4400e8c36149f020a8f42337

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    725298ca504b3b73b57314b8b6b41ad9

    SHA1

    63f8e3cf39813e05dc16067b0747fb7bc1e0589c

    SHA256

    dcff582cdf0e626f74454de224bccfe053eb523d36dfe2e5d178f037c285498b

    SHA512

    e1176fd2a5dca033a81af36357386995d1242987f0c37340f78275e5acf9b4ffe226e96a4192bf44e24e82cae9b803a69e6c0e2cded0bc954339c1a4bdb67071

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6cc9fb481125b16e75e64c55fbcd3369

    SHA1

    96095c02e132a936a45c41963b99ee67a1e30e28

    SHA256

    6a64c1afae641e235253fe916917ea661384d61616427e68ff9ad4ec6b05a42e

    SHA512

    43e314e785346e5d3ba9bcf09c5a6fca83835552520f6fa3f5d878a642e6722573052099d7408d47340fc9b0fcd39280976288b068d819efee79d2b435551278

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    be28a9f8453e3b637c5f227c1b2d1561

    SHA1

    6e831637103cbcfc2f7654153cfaecbdc451a678

    SHA256

    c50702b13cfe51c94a4316dd0da9ae441011dde1a6e95e74aede9f26fb01dd5b

    SHA512

    343b2e0d642462e59e1272758a42e8b2aafbebe7c221f72eb089afe30ed44291ac1a1fca4d581ca03d5c49b5aedff1aab3059e5a722fdd61688a03b1cb48c22a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    58b3e6c142ea820182b943ced98ef1ea

    SHA1

    7e94512786f7535161d919b9aca3bb3e3e8c6f65

    SHA256

    04929ca9d788ffab7ebcad13bda025566bdb424636eb9e1aaf85b5694d1ca697

    SHA512

    f2194abbd2cf7145e11fdf4d16e8f52384cfb97fe86e880261f646a900cf11b6d90a876324f78eb815d4724da6de42fd48529af972fea4cdc036526669cc869d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b586cc1111c73f6ee2619b2ffa4e97be

    SHA1

    b7b16341525bdf2291fd9d233f7c5914aae28498

    SHA256

    5b3ad6ea82e984799153911656962311cb68e2b5cd1e0c4a2ee1bf85a9194e9d

    SHA512

    11ef7a8d712312f702596e6e5baca6a52e271f855e011337e7c04dd93ce73cae20aed2fb01728addf086063df5053a4add6e8e4513fba1c6fa428fc35648a083

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0c95d35d81b17fffd25af32363d6eb30

    SHA1

    da16083830ea3b4015e7cc50d6461dfe87023a4d

    SHA256

    2df1deb220feca85e6989edc4fa2c75bf0626f0d87c82ade6699ec23d052e8ca

    SHA512

    f31bc2ac7684569aa6799eca7b145b8a1f0f2c525131ed17efd721ca690a13c32a4248a561c64aab40029766e7c884cb2b0514e2d64e631e5aac5ccbeb39c009

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a2765863ab99343eb1620d0899eac2e0

    SHA1

    29e8440e1064f22f7a9782e607cc4a498ba0afdc

    SHA256

    55741c2ba3a3db34e8744ec1294410b2a08716a70116fa6d6ea081db4540f77a

    SHA512

    709c70b22f960699f11b07daf29feaf1165631989cb6945017f0d1bf26b6ea2f7e6b63dde1819365d3789a3c334fd98c7b9e22733707a60b190488c96e63c71e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    35e6e954b532545c57653f86191253c5

    SHA1

    73649a4478634ed9e1d3e50e4fd8150520d99773

    SHA256

    e6c58bbee25447ec034029826512f712c8b0f7382cad6c837958cdf945b85f2f

    SHA512

    3038989780cfd7b6936275e4b56d317145815dc26fe7716e492fcebbe27b41962daa130923db36816a1bf5e15308c3bc979d0115833b7919b45e4c873a59f5ea

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD27E.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD31D.tmp
    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

    Download Submit

  • memory/2060-1-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2060-3-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2060-0-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2060-2-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2060-4-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2060-7-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2060-5-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2428-6-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2428-10-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2428-8-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2428-15-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2428-11-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2428-12-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2428-9-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2428-17-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2428-16-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download