Overview

overview

8

Static

static

3

e02d7397e8...2e.exe

windows7-x64

8

e02d7397e8...2e.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    142s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    12-10-2023 17:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e02d7397e8cda9a5d44a5f46d73e5887176031dd79eb79190a0847482fd0682e.exe

  • Size

    1.8MB

  • MD5

    f377f3ba33d0e5e54a5f1434e6218ba7

  • SHA1

    b431320f70ec2502261aeffd1a12b6dc0fbb621e

  • SHA256

    e02d7397e8cda9a5d44a5f46d73e5887176031dd79eb79190a0847482fd0682e

  • SHA512

    471c2022972e0d75ae823f5b9e3f15cc99671225245832878cae84db58efc200f64c9297fcedb8afec8a705c78e1425fd5cca187b1c0290ace4e779d9bb1fa6a

  • SSDEEP

    24576:j3vLR2VhZBJ905EmMyPnQxhe4kLwvHYgUaHEwvCMXrXDC/hR:j3dUZTHQLAlUvwaMb

Score
8/10
discoveryspywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e02d7397e8cda9a5d44a5f46d73e5887176031dd79eb79190a0847482fd0682e.exe
    "C:\Users\Admin\AppData\Local\Temp\e02d7397e8cda9a5d44a5f46d73e5887176031dd79eb79190a0847482fd0682e.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2208
    • C:\Users\Admin\AppData\Local\Temp\e02d7397e8cda9a5d44a5f46d73e5887176031dd79eb79190a0847482fd0682e.exe
      "C:\Users\Admin\AppData\Local\Temp\e02d7397e8cda9a5d44a5f46d73e5887176031dd79eb79190a0847482fd0682e.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1704
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3048
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3048 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2500

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1d4c62dc7ef15904c7e7a74d78cfef6a

    SHA1

    6d4fba253c7bb4c2e9c3a44f312763914e1b12f3

    SHA256

    2c0392039782f30dfa7c9de1b8950450ca776d9e79bb1ab8b57d26892a9a9b50

    SHA512

    95e8d1f8aff3be071d6aa5247c9f14a775c96b429a3a9def0467a06660a2952641d0f50b24d3f21969d7402319f910a2f82c6c36d3fde7a86e941c00f8719d78

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    74e0d2a4eed696b42f1dbb318868f91a

    SHA1

    313f503c4ed6603403a41208b01c1171539b72c0

    SHA256

    56619c8d6ca3a87b27bdd6b8fc17c5d8d1692a5e3eb2fd6accb4229ae49e0a7d

    SHA512

    f9c588d52eb38c245a95e4f11d928619e2fa1db0478428ffb6b64d7dc95712ad2febf3b16f8c753f91c7740f4041665a1c2f15469d8fd15f5a6b2e74e598d626

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6bfd9c9156d3069e4a153f3eafecd484

    SHA1

    02085027366e67fe2d314e8fc82c2624a4b8acff

    SHA256

    34b079658202b8267fdda6042ed3324056aa5af67f1f299f9bfea6735cd0ac8f

    SHA512

    cc661a44cd16607bb5a775c4ba802ecf4cced22eb5fa5b6f7689d970461834cc3056d92891eb3e7640a56fdebf84a7a0b9308d863a1225191c99c040f2ad79d9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    523e2e0e6cf38640d398c12999e73a46

    SHA1

    b73e007163c28971cda362b0380b6ea52c6d8aa2

    SHA256

    1ded061e82c9ec8d4ff1c3e06eadafacad51e8ba3e9c8dc0d762ba72ca71848e

    SHA512

    6c914f89cd043390f51f2de3ac21032682317ccf7d3e968f13cdd611d0ff9c6c6c681179f7a8fbedd8dc076beed493b21e3fa971caf67145b60e8f6e3dbe472e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f183cf452b1ea8a1259e294074c1e486

    SHA1

    b62744e4f7752480eae77fe84a29d6b65433c14a

    SHA256

    ff4ba2b08dcd8fc7bcfbe152c0d3736c52682f4ce758aef16650c26d04b933b6

    SHA512

    489b748de9b3499ccb56dbcf99c2940b25b6485ccbfbafe997baba0cb8f73445662f09e9fe9c6b95a328ff8b1ec72799b6f8d98bcec28ebcee882f3d10b41a50

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    18612d1b15c0bbe1cc3b8e4a73dd2362

    SHA1

    af247619b9db6e6532c5c8da469a1925171a6a44

    SHA256

    127c4c7442042b2306b0f4aa8a3d59fc51a10c4aa67220ec4af37fd84fb6f12e

    SHA512

    de2f558b55c167535df0e82bc3a32216924e12a9f0c679fce4dba84320f1e29f76629488c1609d30f6f19af9d4fc3fde63730caee7a29730033e3f8f8d1c8d7c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    72fcb7134fb5448c1ca7ef6b72f1b4d9

    SHA1

    9e51020e15b220054d5c28bcd0618073a4fad83f

    SHA256

    96b46d028dd5d7f40e628f5b3d5f22e2a809f969e655e84990ca452f999d0f2b

    SHA512

    50bf91bf671c5127b4fffdd6f9aed7d3a0678a98d3ea88defa735b38fced8bb207894c61b00f2320a93a8cfab59c54abb07362bea45e509cfdca1b2d6a087ba5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    797f732c21b7c5d326511714468b03f1

    SHA1

    a560a31ce198681a433b243e7569e8e25556db23

    SHA256

    9c1e7faa84b047de20ab7669db79f525691e3b6225647dd0cbe5b313390b2203

    SHA512

    7d6569ec5286fa45229626d9fbaf821e178f9aff57aef853170ee52930bc53df1542b393c304dda7917ab69c482a578225846603031c29a12e8859950685c03c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1b322c6139313166d803aea165b3c629

    SHA1

    fc6a0d7f7abda9ca32bbe20147f3c8afa1ebc736

    SHA256

    35ac6fb55dd7425354f8be4340b60e971b4b297a4f27c8212e1c50ad29ec3528

    SHA512

    39cf48f23dec5df13c3dc38f69d4fbdc35d309ccdaa92222fab7606d986227fedda778c9fd7c089aaaba89366d71e0821d1fcf81c1561dc6df84b8b68432e30a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5a7e8e8a9d069a3e555f27b9a9e2aa17

    SHA1

    fad34945d3463d95174d0c83b974c0a5ff7e14b0

    SHA256

    07d2ce41c48fdb17bb3b5fd597ebbd9dc1257cf906fa24cc05f7184ecb641a96

    SHA512

    cff2562e5cbda69a0c1e127671502bf628bb72d1e935d6c9a9ca4a3a38d6d7ca2ab27e4a122f06034f047c10095bb52ef0147ef7b5dd1cc2cafa5eda3d7550ad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3d3e40a3fdce88b956e48b0088cbe12f

    SHA1

    5a2113546c01b0b7d55350bff32e2092cbb68e96

    SHA256

    b5ff517117a453138442d512b68f39a505a5b0ab37e04ef9042a99772cdde8a1

    SHA512

    8ec2948c6981c40d6e5e3abec1334badf1abfabdacca5365dc27c9c128fd35e1e27247dd17347c7215648199506e34acf97e18bfc74988a087f522f313fc03fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    696a9d162964b1570d4f4d1a58d28b87

    SHA1

    270ca327b52cb26ff8f92548b1a1ec87f1fa2748

    SHA256

    8fc6084f27306fb6252f06baa6cb71d039213946a09b99a2cd2d0dd84535bf96

    SHA512

    25a6ed0c41f7cac2ecc0e1e6a66b26befcc3c499e73e5ea19d90b5b8372193801c42bf3c908c59b8b5c20d4ebe7cbf99b2c88cc7c77baeb0233831a8c3256210

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9ffe3eaa8dc409f5fe287ed16068a0a9

    SHA1

    da0b085c327f5bf63f2de694153c91160746a518

    SHA256

    4f3a61603c01bf246e170fb76981f1a60ceb03b797e9d188d8b81441cdcf322b

    SHA512

    58e862f5f64f6e60c54464fd7c12aa1881b8d2224e07df72b6b44e8647a18c3443cdf053dc0ccd613410cc50d91a9dbf1010d07261b9209edf128cbd4e42a349

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ec7c1ffad6b13cea4456cb684b28c7bc

    SHA1

    ef62f9fd5b5683ccf9fd52637e28bd8cec263d25

    SHA256

    cec0f56afe0887904db089982699ad4f25c435479864e57cc4466be7176d7a8b

    SHA512

    ddea5ff323c4224dd5b2ca5ac61780d331487bc2736a09b4611525441e235639e156b38fef5e63be941f5d181792282161d4e74e7f37ae995ad3b753384478d1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2b94ab326d23caad9825de1b10d8b9fc

    SHA1

    0d6ee5ede6ea24b2ffc535032da180faf7cfc213

    SHA256

    c4eda2a79a653c225ed71fea0352161b3cc3b55ac40e194af2a16e8a7c7797b5

    SHA512

    31180c2a4ebe2ab8ee6a55b7cfe46be1a9c95cef94b2789f298454ed4190e6e1713ed68ed736d2cb12bbb868fc02dc1fe32fd498a1d8a12aec4809a7fb7b736c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fd55412fff055ccba2b6b9a6b1584422

    SHA1

    2411bdac60ce5b760ba2edd7decd8292a678b899

    SHA256

    f807448de5c7572893158985f2c514563176927f6819327c5d3e0001a09f384c

    SHA512

    79cfcc44179221355ab83be74cbad384ec2f2d48be56881e94eba43b2c7a620f6f9ddda2e608fb3de0418c418006704f8968ba0e8b8ff368031be2d18d081f39

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ac4826f35cad994eb7704b361e191df7

    SHA1

    2ca53cc25921457d69ab7fb23d19363dcc5758cc

    SHA256

    9a6bb3916f283d641e6418ab95743a441389c4539317bcf3096f9ea3aa3832d0

    SHA512

    cac2ec451f9fc6dcea284af1b9aee3a565c9dc25b4734c926b753fa3f9a9fdf0de26addd943d49d9a31945e7e6ce450c7998ee27f4893a097fcab0a4c9869eff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b3543af86adc435d310f6d708e471ffb

    SHA1

    1c72caa8ff84e140ab7eee77c2b7ba344e7a63a0

    SHA256

    4c6558537d20ed9d370b7e856158b8f82afd58ac8a8734ea5174c66aa6be2f34

    SHA512

    6a8f56b3bc270b9505854eecd563676788fee59c12797cda114314e42cfac68a6da14a6736ef64d4ce059b236c1330c8a3ba3a19b82de77cf6fe1db28c0a2804

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d3b94969bcb818dff3a86c352523354a

    SHA1

    06436c45715adbffdbdf744e3dc8478e335aea6e

    SHA256

    308b13a059ee41a53d8b44ed42d40552d0f332d97ea480f6f416707068f5a1f8

    SHA512

    b6b07d9539e51db17322d493c51c8ddf9e81e32936a9616a90f614dc13d6419463af93576dbf87621c37dd793564fc2fbf6f8e9d9c0b3dda6a59d2253e7e8cdf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab42.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF1.tmp
    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

    Download Submit

  • memory/1704-8-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1704-2-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1704-5-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1704-6-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1704-7-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1704-9-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1704-10-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2208-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2208-1-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download