Overview

overview

8

Static

static

3

d55fb65385...fe.exe

windows7-x64

8

d55fb65385...fe.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    132s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    16/11/2023, 06:38

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d55fb653851de0ace16f7d7ce587051e8c770b7f59766b90a1fd0337d3b251fe.exe

  • Size

    2.6MB

  • MD5

    a29d0b559b2ae3833caefe2364da64cb

  • SHA1

    513e22e2376cd7cd5a82fa336ab478db49572700

  • SHA256

    d55fb653851de0ace16f7d7ce587051e8c770b7f59766b90a1fd0337d3b251fe

  • SHA512

    d1df47503218c5ff00fcc2e29794396a963686fe412db7be143d5f6c09ae19e47ae91497856326927b4d19a01407dfb50b62c70195d99d0463bf6825a749be00

  • SSDEEP

    49152:gA81IJPkqnEvdDqnroHOfmlO2tiToyGxgMHO:gA81IBgcnsHOm46iToyslH

Score
8/10
discoveryspywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d55fb653851de0ace16f7d7ce587051e8c770b7f59766b90a1fd0337d3b251fe.exe
    "C:\Users\Admin\AppData\Local\Temp\d55fb653851de0ace16f7d7ce587051e8c770b7f59766b90a1fd0337d3b251fe.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2148
    • C:\Users\Admin\AppData\Local\Temp\d55fb653851de0ace16f7d7ce587051e8c770b7f59766b90a1fd0337d3b251fe.exe
      "C:\Users\Admin\AppData\Local\Temp\d55fb653851de0ace16f7d7ce587051e8c770b7f59766b90a1fd0337d3b251fe.exe" Master
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3004
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2784
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2784 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2776

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          13f7c79b125c7ad929b1ec7fb917ae92

          SHA1

          fc7611b88ba6576ea51433f1bf38f51c1e78b3b9

          SHA256

          47d1cbcb2018a753660e27271c11266b73046a1d994b3a55d86b21cd440ddfa1

          SHA512

          1dd58e31bb4225f6874a95599ece474f3635b1dc70331ee5a8c62795f93a6f5f3549160c9be01a277908af1fda77556bb25fcde6a1aeaf9811cbfd8c5f5f4c31

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          efec81cc6931205fd63ce70adb9d363b

          SHA1

          b58d60770edac2e4c36251e34eb497bead479a62

          SHA256

          62cb190ce6e243676887a579f718c91cca68d17320c6e5d34cc666ec7299da6e

          SHA512

          1cdaa6284bd9b7454a94a8fd75a28f174bf8fa873453afb61d9aa9518e5f2eefac9fe57e761656113c6c287aca0e40812b2333a2a15d7c01897b2e76249082b9

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          dad780487e68503d098324e9721ea37a

          SHA1

          fc79bf6ff09e47e949d44461b824c4f32f8a6206

          SHA256

          5b1fdcb16419d9006077bef110ed67c581df04aefc7623e4111eac25f344058b

          SHA512

          69757e5c66af16c226bfc5ffe204f011cdc940efa8b4c71a7277155233735f6832eaf23975c453b17116ff1e8e43f4d189b7c22a25eef0033e9439eed76c7000

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          2dc2e22f15ba3ade73ccc9d300e38eba

          SHA1

          3f87928e1f1816890e6ccad449c9ff53b190418c

          SHA256

          c3f82aefc5b2a6f6b398da0dc78debb28b54c6a50fe26d20824361744baa7053

          SHA512

          38c6d20c447a00711cb1d8afea843a0a87e95626f3eda2db9021f66d6bb13aa63957a83eac70159a99aad04ed23ca8a12b3f1d85a2ed02ffd9a35b75c21a6de4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          2dc2e22f15ba3ade73ccc9d300e38eba

          SHA1

          3f87928e1f1816890e6ccad449c9ff53b190418c

          SHA256

          c3f82aefc5b2a6f6b398da0dc78debb28b54c6a50fe26d20824361744baa7053

          SHA512

          38c6d20c447a00711cb1d8afea843a0a87e95626f3eda2db9021f66d6bb13aa63957a83eac70159a99aad04ed23ca8a12b3f1d85a2ed02ffd9a35b75c21a6de4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          a56ef49ac91e17876dfe4d6b58c62cb5

          SHA1

          c26e6386fd4d71100d090d818690344c0c66b647

          SHA256

          181c6d5e52600713273c32043fc473677af2c960d5d9de650c45a3e3423f5d7b

          SHA512

          af4aecb526ef8cf378b49318fa30234f0c23bb8866aace0b5adaeef205232ee6c835a9dab6da7751c9749994307ca0b5e970a5bf1d88931f934ab0d05523221f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          46d956c0fdcd3bd0badccc086597e5e3

          SHA1

          cf5ad30154ed1a01496f58b9d966df7b56843998

          SHA256

          9a3be8d5d74a9d13c8fc724c3eeb3025e8a1604734abc5ed9b1d32e65bb3ecfb

          SHA512

          cc51b76988ece7b8f4fa124dacb666db9e730a088f57a49b392278308078a3471efb8a9ffa01c7b7c392f89448dc26ea31c6149ff0849da43e8ffb0be8ec27ae

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          e950bc3d1971320b67667d622e8dd8bf

          SHA1

          ccbe6504420d64bb9efac9bfba56923fd07493ee

          SHA256

          803b91e7cbda1bf1fdac4779f5d957a637826b8a4d1b1ba750dda316ea143fa3

          SHA512

          5474bed0615bee53ca97f2c9169ba409107f5b7527333146608ef566ba679407355f4a41d311ca247145174bf0148eb6c4256bc4bfa5bd351c61358b9531bcb6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          50fa004a22bd790eea95e17ed37deaf4

          SHA1

          5811a79c9952a89bb532b76ee3435e2b08e57d42

          SHA256

          acca1c3b580d9471f470941c86025b6a0ff22916768ef4e7930cf8849ee7f42b

          SHA512

          03f9151f0c274cb424568d0f286894838a4a873b27b8c86abd67f17a13a693da76b852db58e8a681866f445e1cc8ab6597c9db6cc5ae37963670f76eb945340a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          c8d02cccd1b3d53032fc10f269b050f7

          SHA1

          6fcabfef4305be23571989ad8c4a210911e6f769

          SHA256

          f845a3463894a5efe6346032d84dad405791ac553e933a1116a9b30667237d73

          SHA512

          ff4b5036b2ce2e296c62359f5a9a18d17c57d4e8294850ca15c3ea11a96362d54766ef1234bd0fb4153767e1c7d595f042cb3f57df61d5d0030840caf8226042

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          86928cf6e6c3f4427d40fdbf483dfd81

          SHA1

          7384e4555fe06d884d30a1fe33c6ab080fc13ce9

          SHA256

          f6f727317ab9f0bcc3a2139a5f6b76aa18a26000d2252db528bff900da23d621

          SHA512

          3666a0eaf0d5ed4ecf4d3aaa82745a813abee30fa4f55bef0a4ef3936750583d1d6ff30a27cba1cc82bce2b8e265223c9348a2910f17393d667801ea3a36e6bb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          73a2a65603aa4216f78cbcd91389f55f

          SHA1

          dfd41996e89f3c38621dd92a8e37fb93a47a8249

          SHA256

          a8be4a1a95f25db82b337b93b00f08c517c089c7767b1da96b52aa6ade118bd3

          SHA512

          ebb0d015606ce75fa2b9a8b48ccdad117144f526621286be0cf643d7211e9c5eb5d9d34acf2fd9df42d69e278011448902dc6ffc26e66477f88c8dadfb89cdd8

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          e9f0571de7447dce5321ab5eca3074c1

          SHA1

          a5b7a4841821e3d757498da3621b1bc6f24014a1

          SHA256

          20d18da7bc985507e4c2d505dccb87646156871f8fe07b9ae57b62038c95d527

          SHA512

          66255ea53ed54c94aabfb50721c4b3394c02e490f7c1315112df75f37482b2f236e386cd56b87781554edac5ec9261a4da4c72acd00e6cd72ecc69ce8b3b1cfb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          d61552943de9d35606c49f0560661e50

          SHA1

          dc09bfab4ebf698baf63b914b47f24319be4e2c4

          SHA256

          d13d66a850bc6a0a01eec5c5571ce2bdd22ee829d0617cb1b1755ee354a2c89c

          SHA512

          14d730d7bc384967dfb65d63987c0c934eaf1a5d71bf71a4c289f0a3761f90322bbb1e4bea1b2d2b97962494672054e6521ae00e38c3d85252477b5f9eafa8eb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          1005f4c2ecfc5f49f6876eab3548592d

          SHA1

          eb572d00d0223edbd9cb2b4d5759160c3dbe0c96

          SHA256

          72feee29a7c2b77dd8cd0a0ce55b36fa87c9d273f15a9c27d7389b7f4ebe6397

          SHA512

          31d7d0b8ba2ff60bc4cb9e0960167d579da8ded2c8c0eb9ce3ff3ce3b24aadcd9405d2210bf5119b0f6a3ad54bf3210efe7455820fbbfa33f3af6574b45dc278

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          f03bf66fee458b57fa23d30eca99e182

          SHA1

          ffe45a4578e08f842b7c647a00828cefd75a6c05

          SHA256

          724981ae8a3e9d05698e1fce256b151c87db690841cb2245e80262d87ff31d82

          SHA512

          5236d2e493f1173f9c3003bc55ccc10a30f0dd31b0bdee1fd3521b123cf2c8a02477c088f47d910d331678a68a81b98a1eede0d4e9711b5a6582d196085aa082

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          c20eec9f78913d0b5ae80bf1a3df5674

          SHA1

          48355f00ae166954cc6f8412c7d99ddbebf73497

          SHA256

          24b598f5477bf609265b88edc25c42740fe24a288d13b2b0a3f8d68e208fa6a1

          SHA512

          bb15bede063533ae8851c5fc85a1acc435057c74ab2b8e140155e8af4b78969427e482845957300dce53286ef548acd331d861416937a9adcf91f7dbba2cf655

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          f0d14efdcde58c0116f2744537d5b3d7

          SHA1

          243a8943ffa147156f0f27ab6b1e9e2182c070b4

          SHA256

          acba20c58348d68e9c82af285692fb4bd0c6545d71b89667f624bc14be7bd6ea

          SHA512

          23db66f8708c06ab91c1ff7d3bef70b77c952f78ecc8739d8f4834c67a24f175811757d3a07ad0c6f485c540f96d80ed2603773d1fa7bfa7b7a3002542c758bd

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          2f28a50c5c4462874b6eb3ab64ba64e5

          SHA1

          16c26ca78cd7f1bf6e6a274c65a6096a144a61f7

          SHA256

          b6e8b062cfb8746f7527713c07d1f9d3592aab94c420c881365310a973410de8

          SHA512

          bd0d9481c390b6b55d4956718ad3b43704f69fe0b8ce2575b29a28bf46598ce11cbd176385964794463a18f5aba5f8102552aa2939d61f526d4e9e3c0adf40a6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          99b37a972ea8db51831fe315f2819136

          SHA1

          8d9dfa464bb741145d3655eba5743cf9529a5530

          SHA256

          a5c0c3691c7a9bfb47d75941170d5d5ece625ee954f3fd35268c743ac7d74868

          SHA512

          5200cd797a0a1f13a13d35068b6e2d63907c112f648dcf3620795c25c938bd2820937e1ed60598ac8e44517835c017989130a9ba80711f7bf5df008806daeed6

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab5C06.tmp
          Filesize

          61KB

          MD5

          f3441b8572aae8801c04f3060b550443

          SHA1

          4ef0a35436125d6821831ef36c28ffaf196cda15

          SHA256

          6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

          SHA512

          5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar5C78.tmp
          Filesize

          163KB

          MD5

          9441737383d21192400eca82fda910ec

          SHA1

          725e0d606a4fc9ba44aa8ffde65bed15e65367e4

          SHA256

          bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

          SHA512

          7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

          Download Submit

        • memory/2148-1-0x0000000000400000-0x000000000069F000-memory.dmp

          Filesize

          2.6MB

          Download

        • memory/2148-0-0x00000000001B0000-0x00000000001B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3004-9-0x0000000000400000-0x000000000069F000-memory.dmp

          Filesize

          2.6MB

          Download

        • memory/3004-2-0x0000000000220000-0x0000000000221000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3004-5-0x0000000000400000-0x000000000069F000-memory.dmp

          Filesize

          2.6MB

          Download

        • memory/3004-6-0x0000000000400000-0x000000000069F000-memory.dmp

          Filesize

          2.6MB

          Download