Overview

overview

8

Static

static

3

ad58d6c8cb...eb.exe

windows7-x64

8

ad58d6c8cb...eb.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    178s
  • max time network
    42s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    11/10/2023, 23:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ad58d6c8cb959839e6464a20128cde48cc9b06b61a1489e43b7b81a020457eeb.exe

  • Size

    33KB

  • MD5

    a1f73658520a973a1e88a29d4ad7c967

  • SHA1

    8ce8595794cff91aa349342fd84071a76758a90e

  • SHA256

    ad58d6c8cb959839e6464a20128cde48cc9b06b61a1489e43b7b81a020457eeb

  • SHA512

    cc8558290782438f63428ca32bfecbd98252a35aca52598373829685610d4865978f12940ec57463914d0023eebafe15689ce28c61a32865f630bb18c25bff5c

  • SSDEEP

    768:0tVElOIEvzMXqtwp/lttaL7HP4ATCf0vn4DAwdHtLuQN:0tVaYzMXqtGNttyOf0v4DAyNjN

Score
8/10
spywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 30 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1288
      • C:\Users\Admin\AppData\Local\Temp\ad58d6c8cb959839e6464a20128cde48cc9b06b61a1489e43b7b81a020457eeb.exe
        "C:\Users\Admin\AppData\Local\Temp\ad58d6c8cb959839e6464a20128cde48cc9b06b61a1489e43b7b81a020457eeb.exe"
        2⤵
        • Drops file in Drivers directory
        • Enumerates connected drives
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2228
        • C:\Windows\SysWOW64\net.exe
          net stop "Kingsoft AntiVirus Service"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2272
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
            4⤵
              PID:2396
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            3⤵
            • Suspicious use of WriteProcessMemory
            PID:2788
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              4⤵
                PID:2668

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
          Filesize

          258KB

          MD5

          aa8454a6d03a65364b5ab9dfa635858e

          SHA1

          a02da5b82696fdd03ccc7147138b7fd9ce62cdf2

          SHA256

          36110d96b9020d0ccb953823ec356960cf939daa3292d1a39b04577c24c8860c

          SHA512

          a2773d9d16a91c88289445abb25b5a0df2f18b0992e5d61a9c38bc913bf9ac32cfa022b1b951807aad6201cc846a3d35fb51522649a2c70e1859a3f7ac5469d2

          Download Submit

        • C:\Program Files\7-Zip\7zG.exe
          Filesize

          601KB

          MD5

          794d925e1d401888f793e166a7eca4c3

          SHA1

          9ed49052074d4a9c349dc1191a66c9a8306ba15b

          SHA256

          1da1309f85d919b81ab47ddeec29bb12b89f6f63f7fc670bfd7d3765b0d7fddf

          SHA512

          3469b650964201bef19ace08ae605391f3c954f0eeb48251ca206dcc3262d984247aa0cb2c7aceb398a3b374f76de2ba706b2b8504ea5bbadaa3c918eee3c148

          Download Submit

        • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
          Filesize

          478KB

          MD5

          2937b1bcc2bc9e085a87002ad91dab15

          SHA1

          f00f772ca752f29d722aeac878c611d0e4e866eb

          SHA256

          1c63a6cd1debd7d62305cb67efd761cb0d1f6c3892aac49de358c62d19c60f2e

          SHA512

          744e123c7cdab18bc02c53affb280a8c15b4a7840a48304b03ae3f716abe04d58dce63c2ee97cf50731ab2173a32a6fcf651ba20640c88a255e1548458f91fc3

          Download Submit

        • F:\$RECYCLE.BIN\S-1-5-21-2180306848-1874213455-4093218721-1000\_desktop.ini
          Filesize

          10B

          MD5

          dbf19ca54500e964528b156763234c1d

          SHA1

          05376f86423aec8badf0adbc47887234ac83ef5a

          SHA256

          bfa0ad2e861e2369dc239edf8f62fbe1c4507d877ec2f76e46e48f1e68fdd5ae

          SHA512

          fb8ce1253ad6d3c1b7d970614dbc2d21574576336a490b54a8dc705a3d8637c0669747ba821fb2f4da14d7447dc24607aca988b0cd3bd9fc4d9d5988b4b631d0

          Download Submit

        • memory/1288-5-0x0000000002A10000-0x0000000002A11000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2228-26-0x0000000000400000-0x000000000043E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/2228-40-0x0000000000400000-0x000000000043E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/2228-49-0x0000000000400000-0x000000000043E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/2228-0-0x0000000000400000-0x000000000043E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/2228-235-0x0000000000400000-0x000000000043E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/2228-9-0x0000000000400000-0x000000000043E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/2228-2346-0x0000000000400000-0x000000000043E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/2228-2421-0x0000000000400000-0x000000000043E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/2228-2884-0x0000000000400000-0x000000000043E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/2228-4028-0x0000000000400000-0x000000000043E000-memory.dmp

          Filesize

          248KB

          Download