Overview

overview

8

Static

static

3

dbeb4069e2...20.exe

windows7-x64

8

dbeb4069e2...20.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    153s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-10-2023 12:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dbeb4069e2322691914862a1462fbfbcae807cf608d1fc9e674159a239be4120.exe

  • Size

    5.7MB

  • MD5

    3bfe530321958943b3baf430e041aaa5

  • SHA1

    03fd4a2a8db3eb93cc28225fb5685f4640b9af3a

  • SHA256

    dbeb4069e2322691914862a1462fbfbcae807cf608d1fc9e674159a239be4120

  • SHA512

    9273da3393f3be8a93d9ff6201909615325ac572bf52bcb319ad3d82d691657d81eebf973dfa1f9c2f342cf4c8001dcbf03423343b770417acf6e1d4917dae56

  • SSDEEP

    98304:JsuZ7+XDe9hWVYnSs/OR5rhRNb0cE+SA8tNmef9ycNBg8RCkR5CmJj:JsuZrrWanSU6HRWcfbQAIxf9IKIK

Score
8/10
bootkitevasionpersistencespywarestealer

Malware Config

Signatures

  • Modifies Windows Firewall 1 TTPs 1 IoCs
    evasion
  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops Chrome extension 1 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in System32 directory 61 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dbeb4069e2322691914862a1462fbfbcae807cf608d1fc9e674159a239be4120.exe
    "C:\Users\Admin\AppData\Local\Temp\dbeb4069e2322691914862a1462fbfbcae807cf608d1fc9e674159a239be4120.exe"
    1⤵
    • Loads dropped DLL
    • Drops Chrome extension
    • Enumerates connected drives
    • Writes to the Master Boot Record (MBR)
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4008
    • C:\Windows\SysWOW64\netsh.exe
      netsh advfirewall firewall add rule name="DownloadSDKServer" dir=in action=allow program=C:\Users\Admin\AppData\Local\Temp\OnlineInstall\11.3.10.1912\SDK\DownloadSDKServer.exe enable=yes
      2⤵
      • Modifies Windows Firewall
      PID:3312
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    • Executes dropped EXE
    PID:3988
  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
    1⤵
    • Executes dropped EXE
    PID:1708
  • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    PID:2184
  • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
    1⤵
    • Executes dropped EXE
    PID:4124
  • C:\Windows\System32\OpenSSH\ssh-agent.exe
    C:\Windows\System32\OpenSSH\ssh-agent.exe
    1⤵
    • Executes dropped EXE
    PID:372

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
    Filesize

    2.0MB

    MD5

    22d737327ce8ea5ef749e709ad022433

    SHA1

    8e5838de84d29a8e74870d28794ebdfbc9b9d75f

    SHA256

    14b8856ac51d3d23a6c54cc84c013a072f5d437af208c889a0b10d1600650a6d

    SHA512

    1eca9390569c2346787ee8392878a3ab347343c53389c3f8e78aeda7d0b743f181c8dcb4541d3be119d44e64e90971f73f4450841b725649e3e9c175a06d862e

    Download Submit

  • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    Filesize

    711KB

    MD5

    b7655b20718a4ac1f26071e80be086ab

    SHA1

    8f66bcb5313fb0545751570004414f24d02517b0

    SHA256

    c36b07a9928f872deb55ec718e1a7ce823d2cf461e38543827d5b1c769f7ec68

    SHA512

    d45ef13d81c2c2ad07ea038b0b08e44d80628045c94f6a69442466c32182eb80ffe6bd064c55c012644d733e76c9befee967cfd925f14f974066022da0cb416d

    Download Submit

  • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
    Filesize

    736KB

    MD5

    1721b9287b5814ffe4c71172c34493df

    SHA1

    d39e19d103e138f07e2d2f7fbfd387040feb1c07

    SHA256

    f8de96d0a32bc1fcb1ecbcf754020fe2e31972d1cebdc73d4df0f00bc8a2106c

    SHA512

    c413d0fb082f29214b8560dcc060520659bf1f3b53f06b03f51f6f93753a6f3f842da471f6cb850aa064ae070705b374ee7883f33f03235160c7ccdbcbf7627f

    Download Submit

  • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
    Filesize

    736KB

    MD5

    1721b9287b5814ffe4c71172c34493df

    SHA1

    d39e19d103e138f07e2d2f7fbfd387040feb1c07

    SHA256

    f8de96d0a32bc1fcb1ecbcf754020fe2e31972d1cebdc73d4df0f00bc8a2106c

    SHA512

    c413d0fb082f29214b8560dcc060520659bf1f3b53f06b03f51f6f93753a6f3f842da471f6cb850aa064ae070705b374ee7883f33f03235160c7ccdbcbf7627f

    Download Submit

  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.vir
    Filesize

    4.8MB

    MD5

    5fe70cfbdaa8f2260bc56f84e386c66f

    SHA1

    49776ea07029accda39e1cc180b0d7a1ccb6e2b1

    SHA256

    3d1127198f1f8efddc383cb473f48b6e49d48cbd74a3f2444c1f0c59bcfc512a

    SHA512

    a0105e362cf0ae3eebff109c15611e86707644d4b8c34d1d55a09791eff7211022811f52ef48422dc07ccd69123e9f771a6810923206048157006e582d59f581

    Download Submit

  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    Filesize

    2.1MB

    MD5

    cc0288625aa4c14e4a68f72ce39f5b54

    SHA1

    6b54dc769a78b3527f54a8187c5056219901128a

    SHA256

    bf97cf094cc574d071184d4789d4961130c47c5a11d3da0d494931b1ee51f201

    SHA512

    46851a10cc79892cea74c392ef3c667145d7ca80957786ede541e159f31d8d57e2872b853168f0f773d134db6cf4097d19b037eda4866f20971f8f10a4b75d9a

    Download Submit

  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    Filesize

    2.1MB

    MD5

    cc0288625aa4c14e4a68f72ce39f5b54

    SHA1

    6b54dc769a78b3527f54a8187c5056219901128a

    SHA256

    bf97cf094cc574d071184d4789d4961130c47c5a11d3da0d494931b1ee51f201

    SHA512

    46851a10cc79892cea74c392ef3c667145d7ca80957786ede541e159f31d8d57e2872b853168f0f773d134db6cf4097d19b037eda4866f20971f8f10a4b75d9a

    Download Submit

  • C:\Program Files\Internet Explorer\iexplore.exe
    Filesize

    1.3MB

    MD5

    46b4af791583d6a142432091d07f6261

    SHA1

    83f35e081c73da7eb47783cfce92d5fdab408794

    SHA256

    b5a7450c98f930c5f69fa49505df78b847669135c1314bd30674952eeaa8820a

    SHA512

    19141b62b077f4dce85f9a4343550d8154049a96cba745cc83cc5965864a6064a1f9911a476f6e69e7504b471662240fade9772314dc9338c4cd106b56b56797

    Download Submit

  • C:\ProgramData\Thunder Network\DownloadLib\pub_store.dat
    Filesize

    121B

    MD5

    6b521c59cdc51637e4387692245a3253

    SHA1

    251f08f62b6e449a6fc800dac14ba8f98271c30f

    SHA256

    d5d19b45e457645d677104c316e7cff6df7bcdde2969d985c0e58331de26eff7

    SHA512

    73dcf84ea5aa5f123d44379f6c0d73de9c8578f86fd822614151db7848e6dda9c195dbcbefa4a9943958fe92e525d3c6c7c34f787bb82a2ce2b2c4d540ce34cd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\OnlineInstall\11.3.10.1912\OnlineResource\InstallEntry.dll
    Filesize

    1.0MB

    MD5

    52202c8ad1e43dc3279c902fd27ae4c0

    SHA1

    00886aa2fb44797e96ff669aeb9c653c9abcc225

    SHA256

    3ff6f11a08b04ea35a83b92311c7ec1f3b99288ea12292d6d14e8f9c5e3227c4

    SHA512

    78da66fb930fbbaf49caeaf33ddc641b95e812eb99bbf21d2502156d1c9ad4ce473d9a5225b2af093179ce8ad76a7e637dc59ef2f0bf17d5208335c8bcb0b209

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\OnlineInstall\11.3.10.1912\OnlineResource\resource\[email protected]
    Filesize

    1KB

    MD5

    2d035ece232bead1c94542a44e283705

    SHA1

    dd23bbdbcca03d4a2f579da9e3daf9d0adf7b121

    SHA256

    baaeedcec5cdf87cbbca096ed8c2b50f73ba62ef2472b5e2959206e6014525b6

    SHA512

    a849b1657ad1aed846dc2b0c970805770d2d3383d8d13594f146a5ea94e2a719257428ed3f265a2c6a02634e62a3fb5f8ab093b00cbf56bf2a9ecf9a4820c0b1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\OnlineInstall\11.3.10.1912\OnlineResource\resource\[email protected]
    Filesize

    2KB

    MD5

    f350f4bb9cea348bc42eafdfd7f52182

    SHA1

    02a8fea0deac529d362a31969f7c8fc27bfcce3d

    SHA256

    3885706db8c031d804e7eeb87ec8a3826dbb407a103ce15b347bf33ae41f5c52

    SHA512

    708c23c67e00afe4387200efd1a313988546de0b13fd7d757b1d13bd1680ba29e585cdda159c705239e8520a57ecb4bbf35727c9be9e123aad81c76c4299ca70

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\OnlineInstall\11.3.10.1912\OnlineResource\resource\[email protected]
    Filesize

    2KB

    MD5

    c5e7f2e6b187e5b4e5e4ad304e5f140e

    SHA1

    3f3fb5c143af1812e1e169ef4f4f88c95522c76c

    SHA256

    4ec810b1c88a36e61b16e9b24853a6c843935ca0d46fc68cbadd79719bf3bf76

    SHA512

    2cc0b0aba250342a2aa048c4b39273618af6145316cd40131415d89cc0ab2ba91a974d5a1ac9f6888bb84cf92b5340ece1c859c4f625eddafdab3b1c39806820

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\OnlineInstall\11.3.10.1912\OnlineResource\resource\install_bkg.png
    Filesize

    45KB

    MD5

    68a017c094dc1dcd136e6f2677e41848

    SHA1

    3ebba5af4ddeeaea06942bf1ed5e11014ec3994c

    SHA256

    6132f8b3d88cc71932332d18778c4bea460f7d0d7a08cd9f25b033300efbc595

    SHA512

    99030b787c9c18ed01a24772633bbcf431171a831cb4e281ac1dfd20845c496922e55877634e7eca7ad303adf8989c571fe8ee2220504dd10074cacd67f0726f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\OnlineInstall\11.3.10.1912\OnlineResource\resource\[email protected]
    Filesize

    2KB

    MD5

    8df00ad52e2964cf24843502b66d15c2

    SHA1

    06249b51a09df4e2bdaf6bfe27a8474dde105d2a

    SHA256

    0880a80a3a8e89092dcc65bff5bf63a044c3a8763f543adea5bf3f027a125716

    SHA512

    e09a539e232ba37de09ecfb7e6558354b6d233d790074f291136f7c168d5f58bb77bf6c065a63f87d3732ce3dc1eb526a8e54bd546872c0c0e6a17645e3e5be4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\OnlineInstall\11.3.10.1912\OnlineResource\resource\[email protected]
    Filesize

    37KB

    MD5

    cb8dc16b59722999e762558ac0afce45

    SHA1

    17673bbecb6a999073dffab34b73009c13cece24

    SHA256

    a92b1cac68378fcaef9d46be0f8e1f4b6d5ca3de30b4ec26bdc30eff3f6b3051

    SHA512

    381df44b51001f1bc213a9c224e1fe3fbe270b80a332a9655e2aafbef3229227c0672a541f405a66c68796f4c8380053b02daf35694115226b178b4641054d81

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\OnlineInstall\11.3.10.1912\OnlineResource\resource\[email protected]
    Filesize

    514B

    MD5

    83e7f0808802d4aefaba3ecbb87460b2

    SHA1

    f669f175562aae608f2a307d8c4b8a327b56de2a

    SHA256

    8d528e66094e298c9542215823363b66516a33a6bf8490b2122e74151b567dab

    SHA512

    c552181fdf3899336a5d5a2a5541c7c666e3ab0276563007c56a8e878386c6178024d30f7fe8b0bf75ece6ad371c553666e2bd09f935891db5741d23d3fba253

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\OnlineInstall\11.3.10.1912\OnlineResource\resource\[email protected]
    Filesize

    1KB

    MD5

    e242c73869a1c02d57a46dcd0ac50cbc

    SHA1

    b332bf954f7e90291416ff30085cb84c3bc3c603

    SHA256

    a2fe60fe06ce387f0ae59dff7ddf310818f8c2d58336501987064bbe3afa9893

    SHA512

    4434b63314d1afe911e38632c730ce5d5b618816dded7986e1b61ecafcdad359868586a43284a1cb7f6f58f15219488680b1a69215d21dc98b171d2d4017adc6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\OnlineInstall\11.3.10.1912\OnlineResource\resource\[email protected]
    Filesize

    1020B

    MD5

    043b6f91f1716b40fa718ef0f53d1223

    SHA1

    6ca9eef90f4734484faea2612f8466312e3fc77c

    SHA256

    06c8277deafecf8193727acb23636013e6d6dc7cc2e9b3e6ea02ca4f140b01be

    SHA512

    be8c849374c199462e107c46c213759604b8edd14ecab437acb7387eed3ebc6d44469368f3a77081917fcf4a34d8662ac7e827ec21d9d5aecb5dab1d1ae58503

    Download Submit

  • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    Filesize

    919KB

    MD5

    03c3a08ea069f79f44db62964eee794a

    SHA1

    16300a75b877598d35b2eb0403d5fc974d8df685

    SHA256

    172b838032ccefc7877d1e7ee57d879fbffc4c3c823c25950bc9d9ccba7df080

    SHA512

    b99cbbd62e213a6f48190e51c9a9b669ecaf699ffdb3a09a0821c860f4c8a8352212dc5def480fc4f5a4846694fbf57842c6a3a13b1beac915602522ff13ddf8

    Download Submit

  • C:\Windows\System32\Appvclient.vir
    Filesize

    1.2MB

    MD5

    99f7c491b7ffa47d647f395ffef7847a

    SHA1

    b67665dbc6a9ebe1eb6b07d3d56ca339cc7b994d

    SHA256

    5b21d91d76b0617e05ad5f4ce0d158cadc117435daa992d38ac9c6594217b685

    SHA512

    7b9ea6912d1a84b7d7418f0a41e081ff5558c7a7cfb432518ca01541cd87327447a8557b0451a2b91216c3f805006c87843fcc51c6b19be38a9d21c5c0e1f3ae

    Download Submit

  • C:\Windows\System32\OpenSSH\ssh-agent.exe
    Filesize

    870KB

    MD5

    201e88c06fa9abb4140c8abd9cf3d03e

    SHA1

    5e8f50c368354d8d05d997905d360888a8ac175f

    SHA256

    d02d150fad5714f11596ed6b6151ca3a3b44ccae4bd446e021b8bfa4af1a1aac

    SHA512

    1db1a87d49289fd0ee0b22bafe35914b61efc3b0e397e743c94d5bd5e6ac6c495fcbd680335bdbff1fd7aa331969f7ffa12f096acdaf3988e4f7e4992c4f861f

    Download Submit

  • C:\Windows\System32\OpenSSH\ssh-agent.exe
    Filesize

    870KB

    MD5

    201e88c06fa9abb4140c8abd9cf3d03e

    SHA1

    5e8f50c368354d8d05d997905d360888a8ac175f

    SHA256

    d02d150fad5714f11596ed6b6151ca3a3b44ccae4bd446e021b8bfa4af1a1aac

    SHA512

    1db1a87d49289fd0ee0b22bafe35914b61efc3b0e397e743c94d5bd5e6ac6c495fcbd680335bdbff1fd7aa331969f7ffa12f096acdaf3988e4f7e4992c4f861f

    Download Submit

  • memory/372-324-0x0000000140000000-0x000000014023B000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/372-301-0x0000000140000000-0x000000014023B000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/372-242-0x0000000140000000-0x000000014023B000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/372-241-0x0000000140000000-0x000000014023B000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1708-293-0x0000000140000000-0x0000000140364000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/1708-281-0x0000000140000000-0x0000000140364000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/1708-326-0x0000000140000000-0x0000000140364000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/1708-195-0x0000000140000000-0x0000000140364000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/1708-325-0x0000000140000000-0x0000000140364000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/1708-194-0x0000000140000000-0x0000000140364000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/2184-225-0x0000000140000000-0x0000000140203000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2184-208-0x0000000140000000-0x0000000140203000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2184-202-0x0000000140000000-0x0000000140203000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3988-187-0x0000000140000000-0x0000000140370000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/3988-323-0x0000000140000000-0x0000000140370000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/3988-186-0x0000000140000000-0x0000000140370000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/3988-279-0x0000000140000000-0x0000000140370000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/3988-280-0x0000000140000000-0x0000000140370000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/3988-322-0x0000000140000000-0x0000000140370000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/4008-185-0x0000000000400000-0x0000000000AD1000-memory.dmp

    Filesize

    6.8MB

    Download

  • memory/4008-0-0x0000000000400000-0x0000000000AD1000-memory.dmp

    Filesize

    6.8MB

    Download

  • memory/4008-167-0x0000000000400000-0x0000000000AD1000-memory.dmp

    Filesize

    6.8MB

    Download

  • memory/4008-1-0x0000000000400000-0x0000000000AD1000-memory.dmp

    Filesize

    6.8MB

    Download

  • memory/4124-228-0x0000000140000000-0x0000000140208000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4124-295-0x0000000140000000-0x0000000140208000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4124-227-0x0000000140000000-0x0000000140208000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4124-294-0x0000000140000000-0x0000000140208000-memory.dmp

    Filesize

    2.0MB

    Download