Overview

overview

10

Static

static

3

02c9b93a30...fa.exe

windows7-x64

7

02c9b93a30...fa.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    6s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    24-12-2023 15:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    02c9b93a30cac707fcf002a0de796ffa.exe

  • Size

    2.2MB

  • MD5

    02c9b93a30cac707fcf002a0de796ffa

  • SHA1

    bfdc0777ef4d84a248045919fae0e2fc9ba33952

  • SHA256

    d580e3cc2480f082f140cc784c0249f19d0c412d7758fb97ba8e750441188bb6

  • SHA512

    05fde0d4e1afbc0e5d3d7315fee4016caf5a5ed8f2365062cbb8588fb7552d8fd999a82e8f2360336b77bd0ffc9eb39c62aca5992e709f781f80e64bf561feb7

  • SSDEEP

    49152:QwoR6eo4uwBM3RlNpDE15UR43WNKrAdlK4MI0Q:qNokMBlLDE1W+uuAIJ

Score
7/10
spywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\02c9b93a30cac707fcf002a0de796ffa.exe
    "C:\Users\Admin\AppData\Local\Temp\02c9b93a30cac707fcf002a0de796ffa.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2972

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\44\Process.txt
    Filesize

    204B

    MD5

    d6a1c5fc21d711c4929de377524ccbad

    SHA1

    316453d2c8631daf30d7d210796b397351b6fefd

    SHA256

    823ffe1c164a81158deebe4116f89e8ef27e4ef76a072e6b8152135a3807f630

    SHA512

    ee6cecb378313ce908e823a830002947a8b537de6cf58bf01fc3922bbf10519f084cbb2314c7a2c1b3ba81911219ee0f75618486cb91d7b1349d33c65f5fb6a9

    Download Submit

  • C:\Users\Admin\AppData\Local\44\Process.txt
    Filesize

    354B

    MD5

    3be5a9cbf9254a1c7f39a4b0b8c8117a

    SHA1

    28f3f84d4fecaf71b6334c2619d8ba4a61d50cc6

    SHA256

    e02422e5b45f38710ffef1b9a984fc6d85c6ac0d8907e13812782e28f37ff155

    SHA512

    6dc553b7f6148a149b9febc51caf4e3f9bd920aa73eed80960639d5cb08eb18925c3fc667e38b4778f2b2d1f180bf8f4f926dc029a46ab6f98afaa24ebb9eae0

    Download Submit

  • memory/2972-0-0x00000000008A0000-0x0000000000AD0000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2972-1-0x000007FEF58C0000-0x000007FEF62AC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2972-2-0x000000001B720000-0x000000001B7A0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2972-62-0x000007FEF58C0000-0x000007FEF62AC000-memory.dmp

    Filesize

    9.9MB

    Download