Overview

overview

7

Static

static

3

d97919753f...b1.exe

windows7-x64

7

d97919753f...b1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    16/10/2023, 12:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d97919753feb37b7c116f9a9dd8d77841701f440f96fdfa3d6b5a06ec48fc9b1.exe

  • Size

    5.6MB

  • MD5

    1f14f2a77f388d6a6ffdd8f2dd556c38

  • SHA1

    fed109591f58620ba86fc800971514ed8b95d4df

  • SHA256

    d97919753feb37b7c116f9a9dd8d77841701f440f96fdfa3d6b5a06ec48fc9b1

  • SHA512

    fa1668f1d3d0c25d095886c36ba7492efd8c09c69934b4ae8bf674a0bc4ae241d73f3ce5b0a219c2b2a3c288c720d4a6de68c931b76f1457ab5151f07c868c57

  • SSDEEP

    49152:u2p+ZZx7qkrH0TZSqmtic94m46ORSmtic9:+Lx7qkrHi5mthum46ORSmth

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d97919753feb37b7c116f9a9dd8d77841701f440f96fdfa3d6b5a06ec48fc9b1.exe
    "C:\Users\Admin\AppData\Local\Temp\d97919753feb37b7c116f9a9dd8d77841701f440f96fdfa3d6b5a06ec48fc9b1.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2880
    • C:\1.exe
      C:\1.exe
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2684

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\1.exe
    Filesize

    5.6MB

    MD5

    1f14f2a77f388d6a6ffdd8f2dd556c38

    SHA1

    fed109591f58620ba86fc800971514ed8b95d4df

    SHA256

    d97919753feb37b7c116f9a9dd8d77841701f440f96fdfa3d6b5a06ec48fc9b1

    SHA512

    fa1668f1d3d0c25d095886c36ba7492efd8c09c69934b4ae8bf674a0bc4ae241d73f3ce5b0a219c2b2a3c288c720d4a6de68c931b76f1457ab5151f07c868c57

    Download Submit

  • C:\1.exe
    Filesize

    5.6MB

    MD5

    1f14f2a77f388d6a6ffdd8f2dd556c38

    SHA1

    fed109591f58620ba86fc800971514ed8b95d4df

    SHA256

    d97919753feb37b7c116f9a9dd8d77841701f440f96fdfa3d6b5a06ec48fc9b1

    SHA512

    fa1668f1d3d0c25d095886c36ba7492efd8c09c69934b4ae8bf674a0bc4ae241d73f3ce5b0a219c2b2a3c288c720d4a6de68c931b76f1457ab5151f07c868c57

    Download Submit

  • C:\11.ini
    Filesize

    79B

    MD5

    d830992ba5f8e239f52bccf0ca589fce

    SHA1

    e31f83743fc42c6ed46a4e944a91c0adc51199db

    SHA256

    03bae907d8cd1ebcb08372b9b5d85b56c2f5580a93a295dccdc5f3d62a0573c5

    SHA512

    2d9e226be931d636d8f26e83117bba27ad0b19a16699a43c1d659ca2be20f1419bc89835171344291cf2ec6b3feb408ca1e1df38275f04dc9945199c285b5a93

    Download Submit