Overview

overview

10

Static

static

3

141e76ca31...89.exe

windows7-x64

10

141e76ca31...89.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    24/12/2023, 21:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    141e76ca31d375daa858c70cc8626289.exe

  • Size

    178KB

  • MD5

    141e76ca31d375daa858c70cc8626289

  • SHA1

    0eb76d0cc2f4f61d285f7450f7708e40a0c10a7f

  • SHA256

    57ffd73949347468a537ed5786060f56119b4630b700cc245b3d372ecae42288

  • SHA512

    9f97a470c00b2f360f86a15cfbac3e6a5f64f229cf03c7d0d274196b001e077493bbed333b3d61966cd87f930240ddabc8af7d75e902d09d44ea480efbcb745d

  • SSDEEP

    3072:V0gsRCyVnADxyozYKtyNqrXR+vJjclB0GxPpOGgyk6Rj3a3iA64wwiBdfceyYU:YNnA1zHroBjREMGgykC7ayA6bwiffce0

Score
10/10
persistencespywarestealerupx

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 11 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\141e76ca31d375daa858c70cc8626289.exe
    "C:\Users\Admin\AppData\Local\Temp\141e76ca31d375daa858c70cc8626289.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Suspicious use of WriteProcessMemory
    PID:1420
    • C:\Users\Admin\AppData\Local\Temp\141e76ca31d375daa858c70cc8626289.exe
      C:\Users\Admin\AppData\Local\Temp\141e76ca31d375daa858c70cc8626289.exe startC:\Users\Admin\AppData\Roaming\Microsoft\csrss.exe%C:\Users\Admin\AppData\Roaming\Microsoft
      2⤵
        PID:1672
      • C:\Users\Admin\AppData\Local\Temp\141e76ca31d375daa858c70cc8626289.exe
        C:\Users\Admin\AppData\Local\Temp\141e76ca31d375daa858c70cc8626289.exe startC:\Windows\system32\lvvm.exe%C:\Windows\system32
        2⤵
          PID:788

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Roaming\C10D.B24
        Filesize

        1KB

        MD5

        222d26cc931206f01feca4c5b0fc3510

        SHA1

        72baa6bc9cdf69c78695e7a56f47420b6815f968

        SHA256

        4cd6cbe40e47bf3101f0328f9cf7ca6d4e2a56835be41d29e78fda3709cfc91a

        SHA512

        82de5f88b18c492f11da78ad3b940eff2e3cf5d225a57c86976a13280442cb0162d979c223134a578eaabc61b32c7f900c4727cde22f81a1c0b21eb8e39fcaa6

        Download Submit

      • C:\Users\Admin\AppData\Roaming\C10D.B24
        Filesize

        600B

        MD5

        5e75c4fc1fe393c9e802c7ccc161d3aa

        SHA1

        93640b8f26309ff44d730ad75e698389657c00d7

        SHA256

        56579faefc7465fcded9a02e8716346c302b139cee6181eecb7544de514be971

        SHA512

        003a9e7d32856d0a512ef6c8eacf31e6cda86a3d5197d132e458a9d01b3df547778d06be151ae863298d57467edf201a1f3183ffb4f0cc462b784d9b84913864

        Download Submit

      • memory/788-80-0x0000000000400000-0x0000000000490000-memory.dmp

        Filesize

        576KB

        Download

      • memory/788-81-0x0000000000400000-0x0000000000490000-memory.dmp

        Filesize

        576KB

        Download

      • memory/788-157-0x0000000000500000-0x0000000000600000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/788-82-0x0000000000500000-0x0000000000600000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1420-2-0x00000000005D0000-0x00000000006D0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1420-1-0x0000000000400000-0x0000000000490000-memory.dmp

        Filesize

        576KB

        Download

      • memory/1420-15-0x0000000000400000-0x0000000000490000-memory.dmp

        Filesize

        576KB

        Download

      • memory/1420-83-0x0000000000400000-0x0000000000490000-memory.dmp

        Filesize

        576KB

        Download

      • memory/1420-84-0x00000000005D0000-0x00000000006D0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1420-156-0x0000000000400000-0x0000000000490000-memory.dmp

        Filesize

        576KB

        Download

      • memory/1420-161-0x0000000000400000-0x0000000000490000-memory.dmp

        Filesize

        576KB

        Download

      • memory/1420-197-0x0000000000400000-0x0000000000490000-memory.dmp

        Filesize

        576KB

        Download

      • memory/1672-14-0x00000000005B9000-0x00000000005D3000-memory.dmp

        Filesize

        104KB

        Download

      • memory/1672-13-0x0000000000400000-0x0000000000490000-memory.dmp

        Filesize

        576KB

        Download

      • memory/1672-12-0x0000000000400000-0x0000000000490000-memory.dmp

        Filesize

        576KB

        Download