Overview

overview

10

Static

static

3

efe42e0973...6f.exe

windows7-x64

7

efe42e0973...6f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    25-12-2023 04:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    efe42e097392ba07bdbc1b30ed12f46f.exe

  • Size

    5.7MB

  • MD5

    efe42e097392ba07bdbc1b30ed12f46f

  • SHA1

    6e67c0ce64661b8f12c453d182fadcf9b81225b8

  • SHA256

    9d15283240ff79899aeb0f2866c51b75d953e5c04a8069397734a3cb6aef87af

  • SHA512

    87147c5b0a5016d5a6f36e980cf294880a78ca3b3491ca1e90bd5664f3d6405da4259ae486544f7b355cf6e29eeb80273336b9f2fbb5928730eda3584b8a1005

  • SSDEEP

    12288:MPZV/cS4H8+Gc8DWKwJa8JdrBoyvCRH96m2iii2Tc:MRV2iWih

Score
7/10
spywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\efe42e097392ba07bdbc1b30ed12f46f.exe
    "C:\Users\Admin\AppData\Local\Temp\efe42e097392ba07bdbc1b30ed12f46f.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2352
    • C:\Users\Admin\AppData\Local\Temp\Low\0RTCU.exe
      "C:\Users\Admin\AppData\Local\Temp\Low\0RTCU.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2208
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 564
        3⤵
        • Loads dropped DLL
        • Program crash
        PID:2684

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Low\0RTCU.exe
    Filesize

    64KB

    MD5

    202191816957a39fc2b84b6c85acfeae

    SHA1

    f80f8648760994d71a5851823dd07167f0d57717

    SHA256

    a7f7dbcd70ed67b1f8a85b4cd5c807c7813e024c0539705d84c2c7f66b978002

    SHA512

    44a7071ffac61a0bb27c8c9697a2d6a14216801f5405ebea17a20c988b65ae4c8b592ebb207a6f3610da010795942ee00510c5e37db76cbd5ca87cd4a7c2a0f4

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Low\0RTCU.exe
    Filesize

    159KB

    MD5

    ccbede8d2869535347316a479f0b8095

    SHA1

    1dd0e7574972260c77ca90638950d83c7b00d8f2

    SHA256

    afae663cab910a67e7fb519797ff385926b77ee59fa0e96e1853318146d2e179

    SHA512

    9a0de846ced51215948a16300aec8aeb7cf0ef5c0005a3cb661fc27e85b5d25b3b3278e7c91fbedc9d0a1ec686fdcd8ff07f35b39931a7c28c8b2139dabf4456

    Download Submit
  • memory/2208-14-0x0000000000400000-0x000000000043D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/2352-0-0x00000000009D0000-0x0000000000A44000-memory.dmp
    Filesize

    464KB

    Download
  • memory/2352-1-0x0000000074C10000-0x00000000752FE000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/2352-2-0x00000000041D0000-0x0000000004210000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2352-13-0x0000000074C10000-0x00000000752FE000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/2352-11-0x0000000004140000-0x000000000417D000-memory.dmp
    Filesize

    244KB

    Download