Analysis

  • max time kernel
    119s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/10/2023, 06:18

General

  • Target

    29af54e0ad3beb59cd94964c6b7bcd3442f21e1495cb3dce56e9a9d52cd4abf0.exe

  • Size

    26KB

  • MD5

    2fbc653a80e5b30f598f0f9da4ded1da

  • SHA1

    a539a0b70e03d87f9cef3a661e941889e6dcd0fe

  • SHA256

    29af54e0ad3beb59cd94964c6b7bcd3442f21e1495cb3dce56e9a9d52cd4abf0

  • SHA512

    6e877d3049bb3236912d9fe97391e5d91f11a4397e7ab75af84f88c5ca7df895d836bdd62385d7948b8fff77237bf069ec48c69e1c6a5fd8e8c9e5140cae3fc1

  • SSDEEP

    384:qc0J+vqBoLotA8oPNIrxKRQSv7QrzVVvOytGxboE9K/mKHrjpjv+eo:8Q3LotOPNSQVwVVxGKEvKHrVJo

Malware Config

Signatures

  • Executes dropped EXE (1 IoCs)
  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Drops file in Windows directory (2 IoCs)
  • NTFS ADS (1 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\29af54e0ad3beb59cd94964c6b7bcd3442f21e1495cb3dce56e9a9d52cd4abf0.exe
    "C:\Users\Admin\AppData\Local\Temp\29af54e0ad3beb59cd94964c6b7bcd3442f21e1495cb3dce56e9a9d52cd4abf0.exe"
    PID: 2212 (depth 1)
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    • C:\Windows\spoolsv.exe
      "C:\Windows\spoolsv.exe"
      PID: 1720 (depth 2, child of PID 2212)
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • NTFS ADS
      • Suspicious use of AdjustPrivilegeToken

Network


        Downloads

        • C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000000\x86_microsoft-windows-mspaint.resources_31bf3856ad364e35_6.1.7600.16385_it-it_48e7ceefbf70a0ab\mspaint.exe.mui
          Filesize: 101KB
          MD5: 51315addb41597192054ba2148b2c488
          SHA1: 09084b9572e958c839f24680be40b14182ab66e3
          SHA256: a054388aed1e6c3cbcff94f2bc89f141fcd5b36cd587c38b9e01ea0df9cbaf02
          SHA512: 56ea9f730355fdd6c89c8b8f39c47e009e07ac6cad4cfdcd2c8b6e8b84e25dfc9c70e8ea1a3195c0630bc1e72eaaf818162ca50bcdf4b1d7a6af478a479e4b7f

        • C:\Users\Admin\AppData\Local\Temp\z83A6TDofJ8MzsD.exe
          Filesize: 26KB
          MD5: a034c065f8a2f4f640f54cf000bdce5a
          SHA1: c92dd4cd64f5b8cdc08125d11ffb795fa8f664ff
          SHA256: ca65600b264f3ee5c5bd9c4ab402f5c667da5923d732b61f513d797370f5561b
          SHA512: e2ddfe6fcac8ae9b4ecaea207079895d7fc6e63e4a0a2378f2a8bccd20bc56a0790d5f84ac421e99709d215bbfa66611803d369e930dc6c3dc3a1563ff945cf0

        • C:\Windows\spoolsv.exe
          Filesize: 25KB
          MD5: 82071fd2379c64429acf376487fcddff
          SHA1: 2da42c7eaa62ecee65757b441c939f12b52228fb
          SHA256: 272bd07fa6c2678fd96a026237a184fceffa65d319f6844bac582aff90ce25d8
          SHA512: 194bdbdf624ec425a095a44116032687c46b3e2370f3c436e2d5516dcc778824ff57fa69edfacb42e5e76e05894eb0a40acf32dcee3b80ba397f823ec82b6adb
