Overview

overview

7

Static

static

3

349e0faea1...2e.exe

windows7-x64

7

349e0faea1...2e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 18:30

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    349e0faea11882b3c6a9c8b363f79d2e.exe

  • Size

    249KB

  • MD5

    349e0faea11882b3c6a9c8b363f79d2e

  • SHA1

    ea709eb91186f6db7d51295e1aa8ccb6a9a9544c

  • SHA256

    23e857d52a42489a4ab4d2f444607ad6b94b72fe3ce3eb14436cb12c34b279d0

  • SHA512

    99d0b49834bab0d6f06d311cb28fdc5048e2cb683c4922f0f0803e1c5f75fe7a85ea2e9b1c9685d9228b96f4bed86f8cb1b46f3fe513264ebc10696c5c03d747

  • SSDEEP

    6144:h1OgDPdkBAFZWjadD4s5BF7COCV2irqWIpwVd:h1OgLdaOBF7COC2irqWIpw3

Score
7/10
adwarediscoveryspywarestealerupx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops Chrome extension 1 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 2 IoCs
    installer
  • Modifies registry class 45 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\349e0faea11882b3c6a9c8b363f79d2e.exe
    "C:\Users\Admin\AppData\Local\Temp\349e0faea11882b3c6a9c8b363f79d2e.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3516
    • C:\Users\Admin\AppData\Local\Temp\7zS591C.tmp\50e9307f793ab.exe
      .\50e9307f793ab.exe /s
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops Chrome extension
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      • System policy modification
      PID:4904

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eikagknggmngojbldehgpinjjenhfhek\1\manifest.json
          Filesize

          475B

          MD5

          95b6b9aa3a3730d6d373a68eb5b411c9

          SHA1

          05cc71bfa2d2a2a18e169def790cca29f757dd3e

          SHA256

          5ac43caaa60d48d2c5bc8059dc845eb344b31c088207c8da714f7a36d500c69e

          SHA512

          5a178056071d0c94d2cfdf72a60403fbf9703cc28abe560f1f04fc2e073188f595c6bb3b687c7e2654899e103a229fe123c41af8aebbe189c9854ed71d8c672e

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7zS591C.tmp\50e9307f793e4.dll
          Filesize

          93KB

          MD5

          58eb8c6fcd4bee7de9560742195f7749

          SHA1

          99d74ae9a2023da624cbc73c814892917d106256

          SHA256

          e3545ec71066f7ad216dd8f252a6ea01471e407b4c942f6f20c314395d58beca

          SHA512

          bccee7b812879efea6f44806eb1dbb28e21c2f7a41e7efd41de9fcdc99adbf5cf8f720c18e54c0c046592284099546b8b5f15884b070e1c1264a2a7f32c27ab4

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7zS591C.tmp\eikagknggmngojbldehgpinjjenhfhek\50e9307f791de3.99658359.js
          Filesize

          4KB

          MD5

          8cee93201ad62555cdd80067d71fe51f

          SHA1

          4565373c0a496678ef8041d132f61c40cefb7766

          SHA256

          941acbcd10c4572356ebaac0920d8221050b124982cfdfb622458d90c144e18c

          SHA512

          cb3db582390466f7899686bc01ab7da1f107bb9ed770d30d00714374f7aa68fade8d4d46489bdcc19c4fd072f73d4a4af20e4cbae6a38474e5927b04130fd7bb

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7zS591C.tmp\eikagknggmngojbldehgpinjjenhfhek\background.html
          Filesize

          161B

          MD5

          60176f1de6eb176769a3ce789a0f64e0

          SHA1

          60635a3f08203997333503971df0fc4a2bbb485f

          SHA256

          387c237d072aee618095dfb73daaabc795e5c17adcc76563335a3bf4766f9041

          SHA512

          d41a3650c49a86a0058127816b7f5dd24e4537a7d88a8bf54e3e496e02b99a41ca143f54effe35cef77051768ddc210bd17d836df6b1182c2c2656d947ccbae0

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7zS591C.tmp\eikagknggmngojbldehgpinjjenhfhek\content.js
          Filesize

          197B

          MD5

          5f9891607f65f433b0690bae7088b2c1

          SHA1

          b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

          SHA256

          fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

          SHA512

          76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7zS591C.tmp\eikagknggmngojbldehgpinjjenhfhek\lsdb.js
          Filesize

          559B

          MD5

          209b7ae0b6d8c3f9687c979d03b08089

          SHA1

          6449f8bff917115eef4e7488fae61942a869200f

          SHA256

          e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

          SHA512

          1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7zS591C.tmp\eikagknggmngojbldehgpinjjenhfhek\sqlite.js
          Filesize

          1KB

          MD5

          c64958a3f2bab5597e29b4c49e9c2a5e

          SHA1

          50c9712d13ebf2ab540427c1fa77bf060589c906

          SHA256

          645fa5ef2fa0d7232c2435077dd3d1b7d3372536e62eac35208e82ab107bf073

          SHA512

          4f97dae80add7ffd10b2f53a21018be2693ea4ad83148caf8452d84b73c44962190f36ad7f4a7ba68dfea88613ac8660199eaed30d2d3c5aebd8ad05a2f8058c

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7zS591C.tmp\settings.ini
          Filesize

          7KB

          MD5

          2ca86d70950a82fc7e681a3a32c8608d

          SHA1

          ef2396d13ced454e63e47d91c38b37d064bacc1d

          SHA256

          83d584df467b255aeb119b256938f9e430fda22efd979a88af915beffce3aee1

          SHA512

          8ebe350391c572b925569e3a393429b53e0201eb0ca1eeca1ba1590182e62158eab3d0b1a0fd156b0ede9aacf83bcf2af15eac10ecaeceacd0d78bdfa9d79340

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsx59AA.tmp\nsJSON.dll
          Filesize

          7KB

          MD5

          b9cd1b0fd3af89892348e5cc3108dce7

          SHA1

          f7bc59bf631303facfc970c0da67a73568e1dca6

          SHA256

          49b173504eb9cd07e42a3c4deb84c2cd3f3b49c7fb0858aee43ddfc64660e384

          SHA512

          fdcbdd21b831a92ca686aab5b240f073a89a08588e42439564747cad9160d79cfa8e3c103b6b4f2917684c1a591880203b4303418b85bc040f9f00b6658b0c90

          Download Submit

        • memory/4904-78-0x0000000074020000-0x000000007402A000-memory.dmp

          Filesize

          40KB

          Download