Analysis
-
max time kernel
140s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
24/12/2023, 18:43
General
-
Target
0cc654daea9d4555ddaf402446203e7b.exe
-
Size
363KB
-
MD5
0cc654daea9d4555ddaf402446203e7b
-
SHA1
d1279934e3315ed545b6b2e7a4fa29135a27663b
-
SHA256
fa83d75b778e856d252bbf9b19f9a90379adf34053f6ee3cf8fbebb79ebe58e3
-
SHA512
e9cb19790e829d9b6671ba2bd0fe39915b216d59a6e081b257366654738e20bfba8b03565fa00028ba1cb8194730fce5ebf136e8503c1ab4fa3dceb4cf3ef525
-
SSDEEP
6144:hGtqA3/iOMhh0qzRi0nu9RMlJgTYIecbDfGEbyVlTJjHctb4mfcz5FltC8:hy//Kv0j0u3MTz2DuEbyVlRq1c9FltD
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 1 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Drops file in Windows directory 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0cc654daea9d4555ddaf402446203e7b.exe"C:\Users\Admin\AppData\Local\Temp\0cc654daea9d4555ddaf402446203e7b.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\CTS.exe"C:\Windows\CTS.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\Temp\7nKLZJUjD74v6wi.exeC:\Users\Admin\AppData\Local\Temp\7nKLZJUjD74v6wi.exe2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
168KB
MD54216478844c9020e4ff575fd84de2c24
SHA124969da21417128bec91d347750f63ee3a9be890
SHA2568d584c1332aafa1c465bd0b29ac12f99f4501e03dccfe51db660ea6ad7675bf3
SHA5128f83bc35888b4ffd6a66f4a9e30b08ab2b5faab292917af48f1e781046bb87c030b8a5f316cf82d8af1dcdfaa27e684618c6d36a1c23212a408fcd662ef80537
-
Filesize
29KB
MD570aa23c9229741a9b52e5ce388a883ac
SHA1b42683e21e13de3f71db26635954d992ebe7119e
SHA2569d25cc704b1c00c9d17903e25ca35c319663e997cb9da0b116790b639e9688f2
SHA512be604a2ad5ab8a3e5edb8901016a76042ba873c8d05b4ef8eec31241377ec6b2a883b51c6912dc7640581ffa624547db334683975883ae74e62808b5ae9ab0b5
-
Filesize
88KB
MD5c2c2b89b41f2a6fa8f2d4e2f6d04e781
SHA1b5bdfae3b52ee515e1c87bb80aa84b5241cbb652
SHA256e1e71eba266ae105fb96d251082e3e5fcd208ee328271cffe233ed7db579c653
SHA512e37378349830b6dfb28e9adfea764a41c21b9f75d48c4f15a5920c368059bd50f062f19e2ee8468796a5cecf97f11912e927935a6c9159787161161115593a65
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB