a2dcec21960e32bc4383f36d028e6bff32124885ef44f859a205ea6d82bf032f

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2023 12:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a2dcec21960e32bc4383f36d028e6bff32124885ef44f859a205ea6d82bf032f.exe
Size

1.1MB
MD5

db1c8043dca75f50b4589b2ee68d7eaf
SHA1

ab089a8ad244b33cca1c5b48e67e5e7d87f6aa49
SHA256

a2dcec21960e32bc4383f36d028e6bff32124885ef44f859a205ea6d82bf032f
SHA512

bddf87d023c01c8bc445d5ed4b7d7fbb33f7e616c08f67049bb93a5e6053a3aff1018d410a5ece2c7d56862c73c1e14f040e19e618e3819d5c63256fa21c56a1
SSDEEP

24576:vq1kYgbWSenN7ueOP6OXYK5097OLp8mUMS/lphj4coCPHbRYLgD:k2uN7uzPLd8mUz/lXUcoSuy

Score

7^/10

spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\Control Panel\International\Geo\Nation	a2dcec21960e32bc4383f36d028e6bff32124885ef44f859a205ea6d82bf032f.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2436	a2dcec21960e32bc4383f36d028e6bff32124885ef44f859a205ea6d82bf032f.exe
2436	a2dcec21960e32bc4383f36d028e6bff32124885ef44f859a205ea6d82bf032f.exe

C:\Users\Admin\AppData\Local\Temp\a2dcec21960e32bc4383f36d028e6bff32124885ef44f859a205ea6d82bf032f.exe
"C:\Users\Admin\AppData\Local\Temp\a2dcec21960e32bc4383f36d028e6bff32124885ef44f859a205ea6d82bf032f.exe"
1⤵
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:2436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\a2dcec21960e32bc4383f36d028e6bff32124885ef44f859a205ea6d82bf032f.exe_v2\UNO.ini

Filesize
7B

MD5
be9d6efbd8632e482c64618f00a701fa

SHA1
cc7c0702a34305282ba77d4eb88db1fa0bbed850

SHA256
d94fd0c7e43df0a03014a44d79653c0845adb29e6222ca47718c46af90847b84

SHA512
c59eee3a838ec35f447c28a701289f3f35ea5ec08d0c38df54482b39a2219598074d49fc162b1ef46d9e20c336221f53bc86de7163183193001b466ff36dd5c8

Download Submit
C:\ProgramData\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\a2dcec21960e32bc4383f36d028e6bff32124885ef44f859a205ea6d82bf032f.exe_v2\b98302da-a358-4215-bf6e-54c6a8f6398c.json

Filesize
889B

MD5
046937bc979807080437e671c8488a12

SHA1
8bf746935f7793dac32fe50ceae32b277278283e

SHA256
de19d9de7c97a6cca873b253f0f55c456b90fc94fb9b48039dc7b14f8df91406

SHA512
f357daab57b50df40b10f039013da900b60065692deab592c6aa6c8ec2ec525cc292a1a9a5fe8fa0fbe8ee91eba94b4a174161201cf1e0c79d7d990383b9f4c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\f0563fa8-ad2f-4881-8fe3-6f7643cb7d1c.json

Filesize
326B

MD5
bab5817a27eedac31505ab30a66b5fc1

SHA1
13e3edc09b42ecb18f99a70fb8faf4f91290d2d4

SHA256
4bca0b2ce9b6d9df2110491c7050f5cee926504ea0945ae53c1d28ffa5f60000

SHA512
a4060732fae97338436f68f6b6bbf81618940f6dba8ed74eb7ea17c8fee4d93e001ba361504bda94084b42ce690c7966a95bb25c0535eb3cfb83e6c5251cccf0

Download Submit