Analysis

  • max time kernel: 141s
  • max time network: 121s
  • platform: windows7_x64
  • resource: win7-20231215-en
  • resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted: 22-12-2023 14:06

General

  • Target: b7254d758341d446daa16cc9c9cd6d4c.exe
  • Size: 130KB
  • MD5: b7254d758341d446daa16cc9c9cd6d4c
  • SHA1: 087a5bae305600aa9fe1a294581801fac09ac4ef
  • SHA256: 26dda853b5d6f5d9df23b9b26b5e287268b4e3323272d193ad366a0bc59d2ad4
  • SHA512: 2bdeab1fb6e86fc1897e0a60b7adb15b99962da185fe97cb7634d354698f02113c4d3a268c509f5ee788b61fa54ba8c8346e17bb6681c0715d3469909501217b
  • SSDEEP: 3072:sr3KcWmjRrzSE5/XwqlJ5oe/ziC20MJmYHgBCsN0bvsGz8I:/sXl/bIKYYHo5QI

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b7254d758341d446daa16cc9c9cd6d4c.exe
    "C:\Users\Admin\AppData\Local\Temp\b7254d758341d446daa16cc9c9cd6d4c.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2004
    • C:\Users\Admin\AppData\Local\Temp\sDwDnFa6nm2tRAl.exe
      C:\Users\Admin\AppData\Local\Temp\sDwDnFa6nm2tRAl.exe
      2⤵
      • Executes dropped EXE
      PID:1456
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:2064

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\sDwDnFa6nm2tRAl.exe
    Filesize: 130KB
    MD5: 18001a17050af0e131b7283ae84f0809
    SHA1: 1c97868ef0c899277802cf65495146024451e636
    SHA256: 7d4a8bba4489e286bbda129a2eab3db8417b435bd76654969f0883a1efc0400f
    SHA512: e8d8797d5b1d43346cac88a7f6ad2bf8f8fe5e9d36c213e30f7941ef3fe2bd562c965e000ca2c19adc25e31d76fef2e0168d0fdb0a10782946fc0809e4b6795b

  • C:\Windows\CTS.exe
    Filesize: 36KB
    MD5: d23b958b292229b9c4449af4799e5199
    SHA1: 4edca4f5650a46b49f38cdc3da76df63be05d00a
    SHA256: 590c7a8236b0a29ae55e001361e3365bcaaeefe732d6061da12175343026e50a
    SHA512: 1e758b59e2b89c8313027d609949eeadc4a40ebe9c27de72bf16be4f0a5e8dafceb787d92e1324f217059bd83363368718d4bbf88841fbb50cd11d3113177c56

  • \Users\Admin\AppData\Local\Temp\sDwDnFa6nm2tRAl.exe
    Filesize: 94KB
    MD5: 9a821d8d62f4c60232b856e98cba7e4f
    SHA1: 4ec5dcbd43ad3b0178b26a57b8a2f41e33a48df5
    SHA256: a5b3bf53bcd3c0296498383837e8f9eb7d610c535521315a96aa740cf769f525
    SHA512: 1b5273a52973dac77ad0ef7aa1dda929a782d762ab8489eb90dff1062dd4cc01e4f7f4157266a2abcf8941e91cf4aa5603de1dd8ee871524748e0989ebaa37d3

  • memory/2004-0-0x0000000000980000-0x0000000000997000-memory.dmp
    Filesize: 92KB
  • memory/2004-11-0x00000000000F0000-0x0000000000107000-memory.dmp
    Filesize: 92KB
  • memory/2004-10-0x0000000000980000-0x0000000000997000-memory.dmp
    Filesize: 92KB
  • memory/2064-14-0x0000000001340000-0x0000000001357000-memory.dmp
    Filesize: 92KB