3e73e22ea0b0681ee3d044ecf94f26a4cbf17ae7ee73a61f7168a8a06851f9d1

Analysis

max time kernel
140s
max time network
143s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
31/10/2023, 13:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

096fbd66654f86a6a9c6cf6167c5d4db74980a99b0e9a9e1cead6219fb71bb3f.exe
Size

501KB
MD5

04f80866aa0d12731ce6209af7784eee
SHA1

3d748613c8715f46bcafa10f2d4870abd369818e
SHA256

096fbd66654f86a6a9c6cf6167c5d4db74980a99b0e9a9e1cead6219fb71bb3f
SHA512

a0d8af5b2ffd8c1f3ea658fae8149cb2234216fe995c9e32883305e464274639f0aed90c065ee4a376ac425832d26ce0d30fe7f3869ee203d79ac63ce3cea641
SSDEEP

12288:66Wq4aaE6KwyF5L0Y2D1PqLGT9CIW7lXiPdx7XAP:YthEVaPqLAkLt2x7E

Score

7^/10

discovery spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2076-0-0x0000000000400000-0x00000000004BC000-memory.dmp	upx
behavioral1/memory/2076-44-0x0000000000400000-0x00000000004BC000-memory.dmp	upx
behavioral1/memory/2076-45-0x0000000000400000-0x00000000004BC000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/2076-44-0x0000000000400000-0x00000000004BC000-memory.dmp	autoit_exe
behavioral1/memory/2076-45-0x0000000000400000-0x00000000004BC000-memory.dmp	autoit_exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2076	096fbd66654f86a6a9c6cf6167c5d4db74980a99b0e9a9e1cead6219fb71bb3f.exe

C:\Users\Admin\AppData\Local\Temp\096fbd66654f86a6a9c6cf6167c5d4db74980a99b0e9a9e1cead6219fb71bb3f.exe
"C:\Users\Admin\AppData\Local\Temp\096fbd66654f86a6a9c6cf6167c5d4db74980a99b0e9a9e1cead6219fb71bb3f.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:2076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\AdwCleaner.jpg

Filesize
15KB

MD5
f81f914f2c791a1062b28272c4ab20c3

SHA1
fd87f073676ad6e58db4380ab9eb21f831870b3b

SHA256
96309857e294dba76736678d0cb830416f9a70499d434052594389fe067d109d

SHA512
60d19f2edcff4592b61258305bb02b44e1dd1c21be1f69586394ae4b414de315ec16a23de860b4839f41f8f1181f5a2cc00b26c4ba2b2e46b7c384469d4dc608

Download Submit
C:\Users\Admin\AppData\Local\Temp\Delete.ico

Filesize
4KB

MD5
f68ad3e2b652b88e6ae034f37605a8c0

SHA1
58583dc655851d264104ce1cb40c17dde0a49dd5

SHA256
06a29b5a46028c39590d942e73bc76ab9e9a0decdfd6c11433f715e4a173892b

SHA512
6f49615fd2c2562229305b9f81ae37a44c0b7a19583290ba8c3fe24909e613272b247c710e2f9b6ff0737eca41e092b8b1a24218ef35b302979fcccc6887e5d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Donate.ico

Filesize
4KB

MD5
e6676d0a8c4dd19fb7552cb146c055bd

SHA1
49624b0426902444ffe301dedd74e76b149c9252

SHA256
35a737bdec77aa595180aa7e30e7f39294996e17130067d386a6a321a010581b

SHA512
8701fa558c83128bfd76bc3c97b1ad9a376d0459090dcfcc3e89a10ca2be21cd859b548d5ad70310513c32606d77c3eb09b3ed767c5ba063a5778b0c758882f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Search.ico

Filesize
4KB

MD5
d38a42c407564617441b281bf12a2e3a

SHA1
ce9253c11efc25a816bd092e4e0ae9a499004390

SHA256
9f72eb8ae061838e13a035a011dbdda3e0d2ee8b127363d1e3fc15b70952c983

SHA512
cffb15d5792d03aec0758ad4d5277098363e872c5c651ff0793f8c78b2f2ced64c3ef0a91c32dc4f5bd5a1e99fb98dc0f9e5fda72bb55088876ce7b6e0f52505

Download Submit
C:\Users\Admin\AppData\Local\Temp\Uninstall.ico

Filesize
3KB

MD5
5f1ffde80455c4ea9f61c14a76ed4c7b

SHA1
00686886f14f219ab772725741c1dd044ee09946

SHA256
60c51627cb75175bc79735a0190df6a2a342d5cb9809fd6fc0764e86adc65e05

SHA512
482b5872872ca1e6ea0d561d66886ebe12db04f500103dec100032a89b8bde808ef6facaf5881b69b88d035021774e1a38ba2cec02fb40a706bbd76dc7106096

Download Submit
memory/2076-0-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/2076-44-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/2076-45-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download