Overview

overview

7

Static

static

3

07095c5ed5...a4.exe

windows7-x64

7

07095c5ed5...a4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/12/2023, 10:31

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    07095c5ed548042950aac09270256ca4.exe

  • Size

    128KB

  • MD5

    07095c5ed548042950aac09270256ca4

  • SHA1

    31f980976b119db99e9753babc82bc6b34dfb70d

  • SHA256

    d930357b603b2d2c7811bb72d9e460e7e1501e117746873d1e5fe7df958c2c16

  • SHA512

    6ff24d5cc390713e338e1ffcd2788a795e1c0db3384fddb8d24247c8f74ca664d37fe1e8854096510245df9863fba61ee18b1a44aeed0351ca192413b68e9d06

  • SSDEEP

    1536:IQqNVxVujIEmcPalaJWowTb6JnoMWo6vv4AhtpNSxDUyTJlq2EwTb6JnoMWo6vv4:o5ujIEm5bKJ+RX4ABNSxzvZ2J+RX4

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 6 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\07095c5ed548042950aac09270256ca4.exe
    "C:\Users\Admin\AppData\Local\Temp\07095c5ed548042950aac09270256ca4.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:5108
    • C:\Windows\outlook.exe
      C:\Windows\outlook.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:3772
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 29784
        3⤵
        • Program crash
        PID:2832
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 3772 -ip 3772
    1⤵
      PID:3864

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Windows\outlook.cfg
            Filesize

            636B

            MD5

            5cd85f71085c509798f4e9147ae36d6e

            SHA1

            c10feda9c0c1bc55eaf6c25185770e0a89644d7c

            SHA256

            6785ac7660e743fa222ca6e22e6591e349c3a14d2bb973e8899cbfd7eb204fc8

            SHA512

            b84f2453afa42ec7fafa61b37ec5b2244b9049eccc7e6a76d5603bb5147629634399e206834ce9a77dd4735b9da0efbe6211bbaec7f5cf46e480514b83efea97

            Download Submit

          • C:\Windows\outlook.cfg
            Filesize

            1KB

            MD5

            24374222b80065386e56d828c5720f21

            SHA1

            5dd0acda4907bd6a73e83af56325e047146da909

            SHA256

            8eb357b69134b97ab6c07d5a2b774c4c3b27f320c0c495a988fb451676d91c74

            SHA512

            0029cb6e156d14e1563e2ab09469ed9737b407fea825e437d4c02f791ddbfe1b8a029ffd71b8301122830fa84103b199142130b96ce3cde9f0726c049cf36d5a

            Download Submit

          • C:\Windows\outlook.exe
            Filesize

            49KB

            MD5

            0e9379e357aba95f8b9883af9b67675e

            SHA1

            280a174a414e5b8588f42b6328af2c8c8ff4394f

            SHA256

            96b9c4ead67d03eb2c69103a983274e013e3466e80d8f95bd7cf3aea8be05b28

            SHA512

            6cc383806882729cd889b025802ac0d5e1c55a74b3e7d7c98932644e8802fe52b5b14a886eff70ab7deaa70fb60bb9898e55b5cd83b5b99e2a2d107dce367784

            Download Submit

          • memory/3772-82-0x0000000000400000-0x000000000047E000-memory.dmp

            Filesize

            504KB

            Download

          • memory/3772-104-0x0000000000400000-0x000000000047E000-memory.dmp

            Filesize

            504KB

            Download

          • memory/3772-120-0x0000000000400000-0x000000000047E000-memory.dmp

            Filesize

            504KB

            Download

          • memory/5108-0-0x0000000000400000-0x000000000040C000-memory.dmp

            Filesize

            48KB

            Download

          • memory/5108-11-0x0000000000400000-0x000000000040C000-memory.dmp

            Filesize

            48KB

            Download