Analysis

  • max time kernel: 141s
  • max time network: 149s
  • platform: windows10-2004_x64
  • resource: win10v2004-20231222-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 25/12/2023, 12:24

General

  • Target: 1e1ee58904435b83d1d1aedbd57a3503.exe
  • Size: 29KB
  • MD5: 1e1ee58904435b83d1d1aedbd57a3503
  • SHA1: 444c0e3141a00a1b026f0e3a335d49860e498f9d
  • SHA256: 3db19b7ee4b37f052668c2a29f913909d653afec0101fae769e252b6a6e020d7
  • SHA512: b7bd61f87c7187ed9bf298546a5ee047fb6842d2b15bb95da9697b55a95206b8c6e6c1002047090028d8bb87df58f8c68009da11b9d894386ed69d521d920109
  • SSDEEP: 768:XocAX3LKew369lp2z3Sd4baFXLjwP/Tgj93b8NIocVSEFf:SKcR4mjD9r823Ff

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1e1ee58904435b83d1d1aedbd57a3503.exe
    "C:\Users\Admin\AppData\Local\Temp\1e1ee58904435b83d1d1aedbd57a3503.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:396
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:3700

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
          Filesize: 352KB
          MD5: e7a514b7c43a068076f3ab7d5406c66d
          SHA1: b5d096cffbf2ead93af92b000baae7d4de83a74f
          SHA256: f3d1887576408ea1ca5521d54276e72ad33ab3481e01296e83720bda4aeb9f0d
          SHA512: 6d0b85fc03a6cdd0728877afcf20a0541abfa16251216093b7f29d093dbe96801032b8511c7240c3a8ac0ea9943113a1f10f0b70fc47a00cc6c49a5477dd6951

        • C:\Users\Admin\AppData\Local\Temp\1r7bimfsJBh37PS.exe
          Filesize: 29KB
          MD5: 899e74fc66613f4c699cd47c874c0f31
          SHA1: 780147404c9dd9c5fdf30c1fea432aad57b90911
          SHA256: bd1b2d66ff7cf34066a2812014767eec1b831bb0076a44a33bc64b63473105c5
          SHA512: a6f66a4678997212ea895be59b72fae09d8196af99e890d8fae651f0966f533e00caeb325c512e62b043f3854e4edda6c9a61b364dc3e6b6a8c534eee195bc81

        • C:\Windows\CTS.exe
          Filesize: 29KB
          MD5: 70aa23c9229741a9b52e5ce388a883ac
          SHA1: b42683e21e13de3f71db26635954d992ebe7119e
          SHA256: 9d25cc704b1c00c9d17903e25ca35c319663e997cb9da0b116790b639e9688f2
          SHA512: be604a2ad5ab8a3e5edb8901016a76042ba873c8d05b4ef8eec31241377ec6b2a883b51c6912dc7640581ffa624547db334683975883ae74e62808b5ae9ab0b5

        • memory/396-0-0x00000000008A0000-0x00000000008B7000-memory.dmp
          Filesize: 92KB

        • memory/396-7-0x00000000008A0000-0x00000000008B7000-memory.dmp
          Filesize: 92KB

        • memory/3700-9-0x0000000000E10000-0x0000000000E27000-memory.dmp
          Filesize: 92KB

        • memory/3700-33-0x0000000000E10000-0x0000000000E27000-memory.dmp
          Filesize: 92KB