Analysis

  • max time kernel
    174s
  • max time network
    208s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20231215-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    25-12-2023 16:39

General

  • Target

    2dcc2c9f28f1dca18435c420d414f1b8.exe

  • Size

    1.2MB

  • MD5

    2dcc2c9f28f1dca18435c420d414f1b8

  • SHA1

    9eaa9c82c3af8c549a9fc1e80f710016dbff1a46

  • SHA256

    1058084af9f8546899f4e7f08dbeebe3e9e0860e0563c143b8cca9dcf50c7d01

  • SHA512

    a5232b52333ae31f2e606bcccc1899f1df4ee36ad890877faf94474452b2433c2ed05957370c6bac4c911f37493dd9679f7fbad8a952eef77897446251e6132a

  • SSDEEP

    24576:BEiFIUmVZXMRTX1dXi6kgaINVRX/diX2n0e435qkLeI+t2r48WJcYrKGdvbpGGO4:JFIUmzXoTX1dXiTcNjPdiGnT65qkYt22

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2dcc2c9f28f1dca18435c420d414f1b8.exe
    "C:\Users\Admin\AppData\Local\Temp\2dcc2c9f28f1dca18435c420d414f1b8.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2744
    • C:\Users\Admin\AppData\Local\Temp\DWQGAFVQKCDR\tmppack.exe
      -y
      2⤵
      • Executes dropped EXE
      PID:1548

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\46nj88n756\gui\CSPNA.html

    Filesize

    5KB

    MD5

    070b8a8c886ee6376cfb3bd187641518

    SHA1

    6b942b7598f4c295ee08590b978cbd0633643551

    SHA256

    afa9bfb2c067c7b78675ce4433419c69ae8b5be8aadedec3b938d07cf2f88dc3

    SHA512

    96664d4bf1caa6932835079cd25b641eb3ed6e8b17eeccb3fe4672d65d2b626f11365aad02fd035476b8f68cd3196e723e1a4c93812d59b6c1eae57d13f7911f

  • C:\Users\Admin\AppData\Local\Temp\46nj88n756\gui\events\cav.xml

    Filesize

    2KB

    MD5

    622cf5896e2d6fbb78ba09634c900bd8

    SHA1

    37007bcdf40342407bbdbdaf6025b561df6a4ce0

    SHA256

    e99361059f26cdf844731e1355d07072d37a7140ae86fe60717d4143bd374420

    SHA512

    a8facf1a9a23d6cbae973b6e556cd28c31abdf4e2ed3280d607223d41f9ebed495041b0a6e12b79e144c6d2e79cbf64238dbb2d0d8ee257122e3953b429c12eb

  • C:\Users\Admin\AppData\Local\Temp\DWQGAFVQKCDR\installer.pak

    Filesize

    112KB

    MD5

    1e5a630c4c85483c6fb87a86c430e2f4

    SHA1

    2187dfbf3d4d7e65876f2cbeb25384f51ea46ccc

    SHA256

    50f4b243b3043479e48f701667a2886141c71542a8e1f892badaf8d6935888e0

    SHA512

    8f0bdd55b8f376cb69fbfa22f7adcee60bf89204ffb0fadc22c3e5fd9067ce3ad82db049ffa5be584a0f235b1701aff735d3f092b2bc64f53d5e6c5982aea70a

  • C:\Users\Admin\AppData\Local\Temp\DWQGAFVQKCDR\tmppack.exe

    Filesize

    718KB

    MD5

    07132df56fcc549cdb764a5030221f70

    SHA1

    e3ad21a65c5d1511571dda82ac75050ebebe1390

    SHA256

    e1d31f8bceee54e4e53ba3e876adc8758c82678cc3e7052b1f56dee6fd4fc099

    SHA512

    77977fb6f869903fd9c67d5c796211e0c0c21bb8b9457e733e42c8fedae4fb5d32eb19b26c8bb9d4a9a462c268f4f8dd3577e6c48cb370b650036427a58fce82

  • memory/2744-7-0x00000000025E0000-0x000000000277F000-memory.dmp

    Filesize

    1.6MB

  • memory/2744-74-0x0000000002460000-0x0000000002461000-memory.dmp

    Filesize

    4KB

  • memory/2744-96-0x0000000002460000-0x0000000002461000-memory.dmp

    Filesize

    4KB