Overview

overview

7

Static

static

3

41a8db3ff1...a5.exe

windows7-x64

7

41a8db3ff1...a5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    161s
  • max time network
    174s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2023, 11:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    41a8db3ff1e6a473c87543dd4bea14e32a32e06911085f693ec78199ce126ba5.exe

  • Size

    1.8MB

  • MD5

    82017f7ea9fb91714cff3db05782155a

  • SHA1

    2d1bd06543bf1e1a6a8950a1e3fef3cf08ddfc74

  • SHA256

    41a8db3ff1e6a473c87543dd4bea14e32a32e06911085f693ec78199ce126ba5

  • SHA512

    bb606f9301b1785486373a92ba3ed910766dd5b78187d6ac73d6f1d4e2ae9e245ac9de1a965fd0c2266da3387194102aede9deb552b8d89e69030d3b5fcf4753

  • SSDEEP

    49152:qx5SUW/cxUitIGLsF0nb+tJVYleAMz77+WAwdUXJFknMUrGFon:qvbjVkjjCAzJjyXjMMUSF

Score
7/10
spywarestealer

Malware Config

Signatures

  • Executes dropped EXE 10 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in System32 directory 15 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies data under HKEY_USERS 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\41a8db3ff1e6a473c87543dd4bea14e32a32e06911085f693ec78199ce126ba5.exe
    "C:\Users\Admin\AppData\Local\Temp\41a8db3ff1e6a473c87543dd4bea14e32a32e06911085f693ec78199ce126ba5.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2264
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    PID:1392
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3920
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:4240
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:4876
    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:3472
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:4264
    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
      1⤵
      • Executes dropped EXE
      PID:516
    • C:\Windows\System32\msdtc.exe
      C:\Windows\System32\msdtc.exe
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Windows directory
      PID:8
    • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
      "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
      1⤵
      • Executes dropped EXE
      PID:4440
    • C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      1⤵
      • Executes dropped EXE
      PID:4136
    • C:\Windows\SysWow64\perfhost.exe
      C:\Windows\SysWow64\perfhost.exe
      1⤵
      • Executes dropped EXE
      PID:2716

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      Filesize

      2.1MB

      MD5

      25737db4e64234490aa2497abdf07651

      SHA1

      b98af7d90c43099fd9b17431be8c031f78c641ef

      SHA256

      43220613d6d253d30a6bbe82f21eab6546021c1bb93dc69ce6b7250df883926b

      SHA512

      5971b66fcb543d89a6bda470fdf5f203a1f53b93cd9b35322bec54e3a97ae2837f51c066a92b96c9bf8b848709fce929fd1c0bc3c46dcffc1094bb91e963f772

      Download Submit

    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      Filesize

      1.6MB

      MD5

      40cce14a486d1103fffbb22a8b2faa85

      SHA1

      b10357747ced0eab94f33a3e1011a3ac0f83330d

      SHA256

      8aabc9e7fd386b196e6e5d4bc5afa7fd00291f42e0523eb7f21683ab869c4540

      SHA512

      a2dbb6ba5a4c0c03815d77a864cf9781bb8038f85a5d975ea76d751e4d3359e0143a78bad56e06df262e2bd3506106fc64f1577515cda6dc63c12089f9dde4a0

      Download Submit

    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      Filesize

      1.6MB

      MD5

      40cce14a486d1103fffbb22a8b2faa85

      SHA1

      b10357747ced0eab94f33a3e1011a3ac0f83330d

      SHA256

      8aabc9e7fd386b196e6e5d4bc5afa7fd00291f42e0523eb7f21683ab869c4540

      SHA512

      a2dbb6ba5a4c0c03815d77a864cf9781bb8038f85a5d975ea76d751e4d3359e0143a78bad56e06df262e2bd3506106fc64f1577515cda6dc63c12089f9dde4a0

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
      Filesize

      1.6MB

      MD5

      a1736a5dd402a311662825fb5259c60d

      SHA1

      90e65cbbe22f2c4f28e38d500ef478f775dadad9

      SHA256

      22b0f1926d12ace177e95102af7d42a849822eaee4220e53d57e6d7f3ab4d9dd

      SHA512

      6ccea01f4469d2146bfc16f77dc01c3129ef9bf765f3219e9bcc115cc50986326caa39efdac6f97caed24131d7817912851496c21c972a9c982f37c1e37401cf

      Download Submit

    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      Filesize

      2.1MB

      MD5

      8d24b2cb50b117e16ccd720328653db6

      SHA1

      d09b1685e74493a9f3668887d06e4f183a1516e8

      SHA256

      abbe8377c9538982e9a812497b7ad6d5bc8a995c94fc3cb7a5c54a497a7fb518

      SHA512

      7660da23198010ad09f2a05a98dc8a488d22dc2d7503296c6ad6e59585e14b33ad8db80f05537bf711a7ce88904a3683feb695e42e43f76b490470e446721435

      Download Submit

    • C:\Windows\SysWOW64\perfhost.exe
      Filesize

      1.4MB

      MD5

      d1f7b978d2d10e9c5bd3583690c7f607

      SHA1

      138f5efd2867768e6487528d1a11ca6ee674de45

      SHA256

      fd0ac188d61aff21bc39e7bf6a8592e429d11a68d7cf9c149dc756b7619a82c4

      SHA512

      72dd3f30d802664dba7e4d158762b5afd3c3b12729adf22b151558ae37585388079a4441ef544c2e225ba36b6ca6832873488d25e74bbb7628180b80849b598e

      Download Submit

    • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
      Filesize

      1.5MB

      MD5

      488524c50d5fdee50073dc81b24653d1

      SHA1

      07b7a80e0cf7d574c529095e23073433a912223e

      SHA256

      4b5e0a0dbf6f4f3e540f35db53d7d33d339f79f7d66bdfc25f48ccc37463f564

      SHA512

      4caa770346033e88edf25edc7ab8c8819d8e4f4e48e0aed83ba4df8df271903fb231d6a0a93f17ae068f9eefefcfe8dad518a5c56ab5584b498c800600c637ff

      Download Submit

    • C:\Windows\System32\FXSSVC.exe
      Filesize

      1.2MB

      MD5

      7e4a1b060dbb4491c99bcd2cb2e3972c

      SHA1

      e5cdf0ca9be1799d32c4194cd3acdca2f3f84d35

      SHA256

      141e776851323518d95d51370dc647dbd75537ca7b5c970ac37a3cc2ae49f186

      SHA512

      29db3be94f108420ce34b0abee73911935e3907edf18dbc24970a3f154d76c4cf5260a1f1fbd42affdc6f5373130c2768b2587f237f95d0f68a883adbdb8eaf6

      Download Submit

    • C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
      Filesize

      1.5MB

      MD5

      e90118dd60fbf3753cb3c778ef04d965

      SHA1

      9ce18c720be510557311d9311547b7eba4cada5c

      SHA256

      9ca74f4eb0b0267d1bb17b80d5b5c7ab0d42d521801cc0d92b91bd4a2445e906

      SHA512

      5db361a79cde73ce9880cb3c4424be83531bdce649a9fde2715ba4c7cb6a1b9c923f4cba75c96d060584d50c03d894731716272cf205a70cf9f9ee84204e2019

      Download Submit

    • C:\Windows\System32\alg.exe
      Filesize

      1.5MB

      MD5

      40e23cb21e69ec03990b9826a9fded4c

      SHA1

      c4ea98b5ac33a9ac37fbbb6c7cd9f5104d34e2ed

      SHA256

      b83a14d0747f68a93d840dfb497e65efe89dfb201f48b97607c33d5f11af710f

      SHA512

      8b7c82a2d09164789310976b6a4e1a44271e6602773a4ebf3b089a6ce7514b391e8111ac93276c8900129d5b4f5c8712424c6a3287b99f4f16e44a1ba5afff63

      Download Submit

    • C:\Windows\System32\msdtc.exe
      Filesize

      1.5MB

      MD5

      b56bb855796cec238cb5fa0cf1400c73

      SHA1

      bb3b5a2d2e85cb1c0ac7ea6524f812eb028dfea9

      SHA256

      de0bbb5223d1c78e34c72a26e69ef907099d575639e04188182518e267f3b767

      SHA512

      8816452c4e266e3f4598aedf40f7a8686753630d23374c90355cb7f0e7e738bf77a60a5636f03ad1f1ab6f7e413bdad54f6505be841868cabecdfcdd15546a0e

      Download Submit

    • C:\Windows\system32\AppVClient.exe
      Filesize

      1.3MB

      MD5

      96ba26cba29b02e47e78db83403bef44

      SHA1

      057bceaf3ed2425a766b835242cfc669ba50e591

      SHA256

      a9b6ed892d0707d1d2b399749892c00610db1db72d2bf015e9e705bee4cee2cb

      SHA512

      68d60cd49591a44b62b7a403b44eb2f8a2e1597cdaf25adbad75b0699511e36625d2e3709dd79a8273ee319715140f14cfc763e035e5ed3bc4f376d476c32a2d

      Download Submit

    • C:\Windows\system32\fxssvc.exe
      Filesize

      1.2MB

      MD5

      7e4a1b060dbb4491c99bcd2cb2e3972c

      SHA1

      e5cdf0ca9be1799d32c4194cd3acdca2f3f84d35

      SHA256

      141e776851323518d95d51370dc647dbd75537ca7b5c970ac37a3cc2ae49f186

      SHA512

      29db3be94f108420ce34b0abee73911935e3907edf18dbc24970a3f154d76c4cf5260a1f1fbd42affdc6f5373130c2768b2587f237f95d0f68a883adbdb8eaf6

      Download Submit

    • C:\Windows\system32\msiexec.exe
      Filesize

      1.4MB

      MD5

      2f0b286249bd1c34148f2c37d9782188

      SHA1

      bcace0b886faa5aa49e19c5f7508df686c8b2046

      SHA256

      fb7651513ac6774a0a6beecea96786b37cbc517a2760204debe6c9d8e815afd1

      SHA512

      d3a99c2a0f9c99dbf4ab466cf4802d50c51bd330ff25887ab7622416214d0eec075c386b28eb853fd4b8fc907c779048a23a86fe24afee2e686861e29fa44685

      Download Submit

    • memory/8-349-0x0000000140000000-0x0000000140189000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/8-142-0x0000000140000000-0x0000000140189000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/516-125-0x0000000140000000-0x000000014019A000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/516-139-0x0000000140000000-0x000000014019A000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/516-136-0x0000000001510000-0x0000000001570000-memory.dmp

      Filesize

      384KB

      Download

    • memory/516-132-0x0000000001510000-0x0000000001570000-memory.dmp

      Filesize

      384KB

      Download

    • memory/516-126-0x0000000001510000-0x0000000001570000-memory.dmp

      Filesize

      384KB

      Download

    • memory/1392-12-0x0000000140000000-0x000000014017A000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/1392-133-0x0000000140000000-0x000000014017A000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/2264-121-0x0000000000400000-0x00000000005D4000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/2264-0-0x0000000000400000-0x00000000005D4000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/2264-254-0x0000000000400000-0x00000000005D4000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/2264-7-0x0000000002490000-0x00000000024F7000-memory.dmp

      Filesize

      412KB

      Download

    • memory/2264-6-0x0000000002490000-0x00000000024F7000-memory.dmp

      Filesize

      412KB

      Download

    • memory/2264-1-0x0000000002490000-0x00000000024F7000-memory.dmp

      Filesize

      412KB

      Download

    • memory/2716-386-0x0000000000400000-0x0000000000567000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/2716-388-0x00000000005F0000-0x0000000000657000-memory.dmp

      Filesize

      412KB

      Download

    • memory/2716-245-0x0000000000400000-0x0000000000567000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/2716-246-0x00000000005F0000-0x0000000000657000-memory.dmp

      Filesize

      412KB

      Download

    • memory/3472-101-0x0000000140000000-0x0000000140237000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/3472-100-0x0000000000C50000-0x0000000000CB0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/3472-109-0x0000000000C50000-0x0000000000CB0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/3472-162-0x0000000140000000-0x0000000140237000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/3920-91-0x0000000000580000-0x00000000005E0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/3920-141-0x0000000140000000-0x0000000140179000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/3920-16-0x0000000000580000-0x00000000005E0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/3920-26-0x0000000140000000-0x0000000140179000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/3920-92-0x0000000000580000-0x00000000005E0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4136-170-0x0000000000B30000-0x0000000000B90000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4136-161-0x0000000000B30000-0x0000000000B90000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4136-164-0x0000000140000000-0x000000014017B000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/4136-384-0x0000000140000000-0x000000014017B000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/4264-113-0x00000000001A0000-0x0000000000200000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4264-120-0x00000000001A0000-0x0000000000200000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4264-114-0x0000000140000000-0x000000014022B000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/4264-244-0x0000000140000000-0x000000014022B000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/4440-149-0x00000000007B0000-0x0000000000810000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4440-150-0x0000000140000000-0x000000014019F000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4440-156-0x00000000007B0000-0x0000000000810000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4440-382-0x0000000140000000-0x000000014019F000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4440-157-0x00000000007B0000-0x0000000000810000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4876-105-0x0000000140000000-0x0000000140135000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/4876-97-0x0000000140000000-0x0000000140135000-memory.dmp

      Filesize

      1.2MB

      Download