Overview

overview

7

Static

static

3

beb624f924...7d.exe

windows7-x64

7

beb624f924...7d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    170s
  • max time network
    186s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    11-10-2023 09:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    beb624f924ec28450508a17f7d0dc614c26d71f6046aa02d032fbc4fc18d467d.exe

  • Size

    2.5MB

  • MD5

    72604b149d4d1ce8f84f4024e744328d

  • SHA1

    53da26d9a87a0c6c983e55dd5604f836f8742155

  • SHA256

    beb624f924ec28450508a17f7d0dc614c26d71f6046aa02d032fbc4fc18d467d

  • SHA512

    0a192d3e6b98d56ce9b45a6ed6adadf781071514fb3defda2873e0fd9de00293c7a10eeafbcc1897cf63cf7d954c663b00363ebcc38e53a7395b0b41e1a05177

  • SSDEEP

    24576:1NIPd/zHfWWrwPC6zwSO8VgJLdDrGnrdEROGHOhMkQJCtHYX6RC/hRJHOhHCZw:1NIlaO8qdDqnroHOnQhKsHOIZw

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\beb624f924ec28450508a17f7d0dc614c26d71f6046aa02d032fbc4fc18d467d.exe
    "C:\Users\Admin\AppData\Local\Temp\beb624f924ec28450508a17f7d0dc614c26d71f6046aa02d032fbc4fc18d467d.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3036
    • C:\Users\Admin\AppData\Local\Temp\beb624f924ec28450508a17f7d0dc614c26d71f6046aa02d032fbc4fc18d467d.exe
      "C:\Users\Admin\AppData\Local\Temp\beb624f924ec28450508a17f7d0dc614c26d71f6046aa02d032fbc4fc18d467d.exe" Master
      2⤵
      • Enumerates connected drives
      • Suspicious use of WriteProcessMemory
      PID:2608
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.35my.com/
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2512
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2752

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    90969167c99f6be8e901a365a88f267f

    SHA1

    d5ff91df3358d6ed8051f000e1ddf1d02c6cef2c

    SHA256

    a962e1cf72f748784b72cf778f3c986c1f3731be4a6e0c91901e12f769c3d888

    SHA512

    5ee4b542a4d9d33423e0db8f599a89865037ac92fa597f5fdb5cba648a66443461c3b376c2f9a2980aacb02203621f6b62a462206d03557d922c411e27631899

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dce79ebf2c700e96f4076accf9edbdca

    SHA1

    7da02277c0cdb281f34b30ec8b9e5ad3ab3bad40

    SHA256

    eff84b0fa380d389bedbdba30b6228eec7373b2786f943c602b3bae946bdceb2

    SHA512

    c6b635fb7c9144d56f1e4459ae00dce2e4a0ccdeda32f096604db312f8269f088a71e3c28cdcd77377e05fc8359bd1760886d440e2fd1bd41ffe793fa347b9c0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    391f095e66c8e8175a7e6568c74b4ef2

    SHA1

    b593e733a3e06bae978bd47baa0364a6f87b25fb

    SHA256

    85001e5e13dc5ecb15cdfe28de679a6f8df6fed982ac5e9fa7b5ddc79793b151

    SHA512

    c8f56d1942d632c0eb3d109f992cb603eca7c29b486eaa076f2cd2e9a771f23adfb44d291e250a50dbe7dc27c85cdb9b3067cd8cdf728906c3c7a7573b5bf90a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    57035cb96431c7a23397d5814098a1ca

    SHA1

    da5556b861de810d6b095885bff7ad5af51e6b8c

    SHA256

    a000e0cf2ac3833163479d0f59e587e08084dd89f3d3a5bd865f0dd499930799

    SHA512

    90866dbc597529e3e8cd928b052d10e5811e6d4cf4a614899c1b89fecc201c79cd0b8af92d1525be59d0a2be9397c17c495e1da41c8d037d194c879ac495458b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3ffbb3baee7bbfef3bfac2d4c83ea005

    SHA1

    9e5d84bbcf78fc31971000409afcd3e21e2d43ab

    SHA256

    d2852048b46a730e01a7ad342e4320d1709e650f2f07e522cc60a28834adf4b9

    SHA512

    eec16248b06164219443c2adbec28f0465400f9c391aa1c98974d2bfea12ba9fcf58c43d7ec1afad69712eee8df8439becba0174888d5b3f39d91a7573a5f88a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    51cf75617ba464f642a96c1e20262b55

    SHA1

    07d503cb3644a31cd1219d3a8ccbc4bac78d920a

    SHA256

    f841fced7bb3e2c8ac54c7adb5cad993e6871a49539ce240ecad5e302b1597dd

    SHA512

    4e7fba43714a6e6a3e5d05132e5287785ebbd2febdaba3165077aabe15e8aaad02d14dcccf1f844f8753f92c3ad88841f5d8fcfab1499be479f0343acc03d476

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    529427ac5bed3743970ba1d93194f8ae

    SHA1

    44cb5bfde7a7c0ea43ed6e8d0361c50906788af5

    SHA256

    ffedb056ba9068dcc28bbfc4e3e494a47a7b88904915cb48bc09a0ab565cd5fb

    SHA512

    35f89c9c0cad89028da40848159408e6b80e867460d9f726f761984f5c8c729783acf9d1ecaa7cc0122cf4b2214dc65bcccd5304c38387e8dc30ff003c378e10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8425aee4547384b45b4ab009ebf23945

    SHA1

    1aedf5423f08fe99d45aa2ec7b6b0e0133059aa7

    SHA256

    e8a1b993f3af877914a252881eaa3416a1af0a9058501d528d4a1dcec3dcd543

    SHA512

    14a964401d2ed9ecb4a6504d064733f0902290adc160368407c8ba56b880651c4f2edd18b9770f92e547b2cc3dc53b3c5311e2fa634a8c48bc15853d050e8617

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0c7de51b9c219dc37644dbbeb9bc0002

    SHA1

    1ad81b0a708a86baa3d307606fb4ff3a420b0f12

    SHA256

    3cb0b4cb4b1fdb28c7024a50a18fb1fe63754d29ee4b2dd705e6f68d37850836

    SHA512

    694c36e33ec58ca77ea1789b9db224c5bb1cd1270cd4da2ae1a83742b0df9cbea74340a40fff42f9ed1c6e0c4910b02096790062b56c9b31a98b1bbf1e8edd0f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d9d1472ac6407354ec9a958fd4c48102

    SHA1

    d28cdd613ddd0546f63d679369bd7e296b64615d

    SHA256

    b9240ca1c9630a66c9a144e313a42c84e84cca4debc33ca923eacd4227cc3d1e

    SHA512

    2938bec2780874398275a96722b856933d9393fc282fec7ea7d596a66c8fde6c4cb0be1926a2de69b9c61b700033b29249aedb84c70113acb4db27dc6577359c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    872a5638515f647afe8e66489355e755

    SHA1

    59ec805cf66ade62036d6270abf3749305fd91e2

    SHA256

    3ed022a01ed2c3ed1bcb702f203f22c04a653d13ceb6d79eb5e557f90a8c0e4c

    SHA512

    d4bbe3a14a43aca2afdf3392a012d06da4fb25661526ecb49455136ed9050f0128e234894459d7de51e91881d65258d3067774cb7b109c11fc993bd297a59ebf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabAE1B.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarAE2E.tmp
    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

    Download Submit

  • memory/2608-8-0x0000000000400000-0x0000000000690000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2608-9-0x0000000000400000-0x0000000000690000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2608-12-0x0000000000400000-0x0000000000690000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2608-7-0x0000000000400000-0x0000000000690000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2608-6-0x0000000000400000-0x0000000000690000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2608-5-0x0000000000400000-0x0000000000690000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2608-4-0x0000000000400000-0x0000000000690000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2608-3-0x0000000000400000-0x0000000000690000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2608-2-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3036-0-0x00000000003C0000-0x00000000003C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3036-1-0x0000000000400000-0x0000000000690000-memory.dmp

    Filesize

    2.6MB

    Download