Overview

overview

8

Static

static

7

17e699433b...84.exe

windows7-x64

8

17e699433b...84.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    132s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    25/11/2023, 09:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    17e699433be942f7a4e67117d5006e0bb1bd427521242c696055d2c50cdbe484.exe

  • Size

    1.3MB

  • MD5

    b7c7c0861cdb5fc482632203e1ebba97

  • SHA1

    a282901a045639141e0c43b56fc5919a9695cedc

  • SHA256

    17e699433be942f7a4e67117d5006e0bb1bd427521242c696055d2c50cdbe484

  • SHA512

    7ddf85fca2e54bebda114ebcf9847bf9391dba2c24132fc015f785a5e76a16a5bad1b55fd083649588afd8329a0c581a89ef3a331bfa0903b9f4e56a050255fe

  • SSDEEP

    24576:Qak/7Nk4RZIUmsbKZu0zoFmDcpii9iGn+66rLfJIgtEqPILWz8oDqE:Qak/0RZu+k0WdEacJRIo+E

Score
8/10
discoveryspywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\17e699433be942f7a4e67117d5006e0bb1bd427521242c696055d2c50cdbe484.exe
    "C:\Users\Admin\AppData\Local\Temp\17e699433be942f7a4e67117d5006e0bb1bd427521242c696055d2c50cdbe484.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2744
    • C:\Users\Admin\AppData\Local\Temp\17e699433be942f7a4e67117d5006e0bb1bd427521242c696055d2c50cdbe484.exe
      "C:\Users\Admin\AppData\Local\Temp\17e699433be942f7a4e67117d5006e0bb1bd427521242c696055d2c50cdbe484.exe" Master
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2588
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2300
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2300 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2120

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cc60b68a5f798d37cb7ceb241e719ebe

    SHA1

    8576cb27e76317c42c3fb27b78f11fec7e0891fe

    SHA256

    f89499d95ad5bac0ba5452be5255765fccbc7752de7c0869aa67687e1844f1a5

    SHA512

    3726adb041b5e409c2407bbf972ae423780ec2ef178a4ac14a50040eb9e6e05773efde7283e9b9ae9136372df02edd0f65c65a8527ad47b0f1c315ea7ae9b5c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3f552d306d044864be2e76b338326d2c

    SHA1

    807013f5aa3e77de03107b534dd138aa8c7b0f1d

    SHA256

    f8d2adac3aced7e1abbcc763ee4e9b8f5b491653b7983899c802f3ee148b6426

    SHA512

    ed7c56c69e1c3493d3c4976f3aef3ddff500d867bb5e0a8145b14dde3b2e96e5b17a2d17bfe9c5e759d8bf0076750f873acf76f3266f93df7eea55977966b70e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d91ecc6ee66763a1f87f6112bc69a803

    SHA1

    c642325df48d89aa89e9efcea54361f1b080be82

    SHA256

    a68a8ec3480ac3b932d6b99b4c2f84770e421fb5aa7dbc95d28979080728d8f6

    SHA512

    e50921cbde4a64831ea8e4e5d3c8ff54117473174191038c0909492aa4e1d5baaefa2469bc8c9287a7d1f58226a08b47404263339f4d55852bb3697ce9a75dca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7edf1a126d1d8b3bf7a8fb64e1c3b3ca

    SHA1

    a2413a22cb3098ab858c00eb6c0e864c68d24517

    SHA256

    28141b5ccf1c81568c1591248cb3a1aec7910ec79c4c4083fddd2906491b782b

    SHA512

    a43ae561c89b3c816c3c90e3021af1983111cdc8dd6905a254d31264107a7bc60e5f4940045722d423bf040f352f36c356474e7c34d361915c7fbd27e677b654

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1e4823824bd76dd8580b98225231def6

    SHA1

    e9665fa60bc4e9d9458b981bd215fe674b841b12

    SHA256

    3c486beefc840c520e0b1b536c9d6688e5ee6e6e74b4bc6fb4c9aa7bd2fd0ba5

    SHA512

    a105a4a54379aa7b75ca6520abd443eeb0b109efa2f338f9f647d16e5805a46450e382f2887602db182f6218925ad40bcfe360397e0a481833924833f2f7de2b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    28da042513cb54b3c7cea7a24bbb3a6b

    SHA1

    469db921ee3088eb130697b227aae786b16da04a

    SHA256

    c2c2d5ba7858b4e909c9fc8afaa552c87ae1c2f576885ae8166dbf89f55dc282

    SHA512

    6ce108828317c8fbf240ea8b09c99ae0166aca6d9edcc7d8e409f71085e7ace8816a202cea1782461d66b41f281a80a1d85309d7526dd963ae5493b18888302e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0245ad17b7ebca92073af6a11c55dc18

    SHA1

    a803cc284828fdba75e2599747278516b0c44ed3

    SHA256

    f4df6f067df5c39b80d55557a4a97bd4a904a38e0944101470f34e44ecde4dc3

    SHA512

    f4afa008bc8f2394fce1efb65933eab8225a2aae2c1324f781a0dad3f52790b2f958965108ed22242aba688cfc7600fce57963e8c760b0c3238740485d27ddb5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    50a02bb69ef709f57cde345c45fbbe00

    SHA1

    c5816ce4d00585f529fa8e87238c22f36ea3c5cd

    SHA256

    3d4ba97658002adc814d58390afdcfc4b57f1946737be1758e5fa568d1497141

    SHA512

    f6803404a6ed78a02081a098f944250e0085dcd40772aa1eb9f934b98164e285a0a7758c94daf7f84d8b8518109652bb4832b5f04cede46676da24ef274a6690

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c431a7b802689dace30fc987d2d24ce6

    SHA1

    477eebd718e6f4b9d39f8d421040dcb5713a6405

    SHA256

    4a2a89f243eb4a209d622571c80d5211ea92717a3a60f8e8a8136a82f612d61c

    SHA512

    8531726e9b0fd7a75f788dcfc207e6c506b52603aadcd13f9fe95e051aa92558de9dadce183bd13620363b744a1a3053a40e128a0ab0550c808ba5260bd82960

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d6bd7167ab1ab054995de0b70569c449

    SHA1

    779c86a2ca1ed3b38c2ad41d2d2e9d2f87e5e78a

    SHA256

    6a5f420c0dd6beef280730ab9d2fa0702ad4a84a382e0c73e3e31085a7c8d0a8

    SHA512

    e77a1df66e478aabadde9837abd052b0a9711363a31cc3081cd61c361dadb9d3839fcddbf04cfd189eb5dd479b167f4c0b63831a8c1ad9e96a8a9e6185dfd33d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fcdfb98d4c0bef2dffc0672d588fa72d

    SHA1

    f2e3b0564f5c294d1223336be85cb8c1aaed2b1b

    SHA256

    5f9a49740421027311fb7e99c8d34ea99e90199543c290ade4478652ea68890d

    SHA512

    d3bc638a82a2f52d70b2170f24975fbb37503b583ddb3d7d34c453bf4ba0899a23d24744bc8f0558567bcf8fb538a3dedc2d2e512e3bda2dd41c4a1ae7460fb3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0e662d1b02b30d79f71d6ea07f8432b8

    SHA1

    131d1546622183a89b674784a1231ccc07be83aa

    SHA256

    3e8d2479f48852d93e095410108e80575c31dd7ccde8746cc264677ba910c301

    SHA512

    2c7b98a25b67b8d0bc86c49752aeb2ecc143be2f910b85c4a2c3c694113a0555f616e035634e5b108a4fb7fbc7d989435679509a4e813d2d327d700ec7d3a6f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1aa3f343a7186224f65eb5797f9e8013

    SHA1

    8d631917072e9a3c96ac9eb908f85f460460d06c

    SHA256

    0b8ad62a2de0d5a7c4f3be14c6d997878875089e171b50dbdfc604d089c65a44

    SHA512

    56043e52cbecdef4e754560df74448b67b3b3cd175cbfbadd77418ebd1b9e3c99b61c40ef1f0e29089c3a599177215393a589785674879656bff7f95447ea616

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    466546183530bd9449b4173156c2249e

    SHA1

    e277d7bfd169bb84126230afe569e8b580f3206b

    SHA256

    83e004fa4729e9aadf2463ff0916d6d2fa371d947920422e8f8f2409b19c3c10

    SHA512

    bf4de6e8d213c2baa8266fa0369c8f0fbb637cf90c9a776113108013afa99d283ef636b41e531215f61b22c5366698957faf9233832b81f5f725d0dc05e784d9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5ce9a4fbab34995a8c544e4b9e9d951f

    SHA1

    85780839fae0a53293e184ad8bb0c49c145fcd85

    SHA256

    62a6d430a5d5857a31addde5fd33afbe5b4e7d240a1ca763a064213be3c4dfef

    SHA512

    58445a6edb1ed715ad050dd12d0b33b9d17d921de05df456151b2b5c6fac4df987681753327c4773465e5d4d671386c84f16c27047471bbf2c42a1d0b677d5d5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0c5d62bfc3b95800354831f35ea3a6a8

    SHA1

    44362964d01d54bc4722ccb5f823e95eef665700

    SHA256

    4e75e73e2bfd7c85e8e22fa4192a890d0249171a4664c4b74242b27acfc62b8d

    SHA512

    f6f9a9bd2f8182c16b6bb148d1b574b704c070cf8de96684815b8302bdd0959afb2f357f0d3048b8dfa5e77e2b6445da9fc86205b03c9aacf201878fea65ba31

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ba11f25d3fee7c4a53aa45bdc5614830

    SHA1

    45918b5c16d2d5c87d46c70bacc6d6c2e71061de

    SHA256

    51614256f9b1d85e3acd0743e02c2fe108fcd3992f554cb8f9f4fbe550e1b13e

    SHA512

    2d8066e5dbe6126650fe1cc0a7337a69e1b89d12d173211e34dd3a25d3c80b5667c109d7661b15329d15a92ed8af30852146a04a655ce17c146bed8d7af53c01

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    69d090da4719960b0c720eb6ebcc5a81

    SHA1

    dd5f38831d5b1fb5319075e7819fc1aa931a2a02

    SHA256

    66310aafac91f510d8a01dcf95b625d10d867a22b839008be629f294ac69925f

    SHA512

    56f3cb95741364b4f6d74740c6adef893de43f993a660280358a1394d1f10e68cd644149e677218c662454f5d80c209f79b9044893d3c41f05dfa2dd048691f2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b6afc74be4f7b6f40b0ce02b39c3103c

    SHA1

    a7c95cba65975f7bf6c2a42dd4871630b4133ce4

    SHA256

    c60237f1270f3962f7b912dca8ae1bf45e4006b22ac4107bea3e29307048e52b

    SHA512

    61b0cfccf709f06c744b82ca078e472f383274e40217969676296e3916329866ee65e2803f423f2771d7712d0b97f5b06b04651cb5c02f32fcbe183cc75ea76a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC43C.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC48F.tmp
    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

    Download Submit

  • memory/2588-8-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2588-10-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2588-13-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2588-16-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2588-9-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2588-17-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2588-20-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2588-11-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2744-5-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2744-1-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2744-2-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2744-0-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2744-4-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2744-3-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2744-6-0x0000000003380000-0x0000000003626000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2744-12-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download