Analysis

  • max time kernel
    140s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 18:08

General

  • Target

    335b01a38b8f5f557094dd9cfe1d748c.exe

  • Size

    1002KB

  • MD5

    335b01a38b8f5f557094dd9cfe1d748c

  • SHA1

    d43ff241b2dded8db09f959f2e29ba0226412e08

  • SHA256

    3e6d98dfa9e0f27421888a5356e598bdfe72c317b3fad2be2a3d912be12e22e0

  • SHA512

    8a17306b99af61e1909b9066db18aabc6de52d935b4a7d27ffa1f34b388619428cfdf8b23d8437da313d7df6b2c6503556c5f5e52c360d61512e446b6bbb4520

  • SSDEEP

    24576:LzsjkZczo63M87odbJd5A8uvKXtvKouHPf4xVvCI:PsloTY4bSDvKXtvKDvgxVvr

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 50 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\335b01a38b8f5f557094dd9cfe1d748c.exe
    "C:\Users\Admin\AppData\Local\Temp\335b01a38b8f5f557094dd9cfe1d748c.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1760
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 1164
      2⤵
      • Program crash
      PID:3036
    • C:\Users\Admin\AppData\Local\Temp\nsm7D5F.tmp\dlhelpdl.exe
      C:\Users\Admin\AppData\Local\Temp\nsm7D5F.tmp\dlhelpdl.exe ~URL Parts Error~~~~URL Parts Error~URL Parts Error~~#~4633~4639~~URL Parts Error~~SendRequest Error~5A-2E-32-B6-DB-C3~#~~SendRequest Error~~~~
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:3400
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 1760 -ip 1760
    1⤵
      PID:1688

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1760-71-0x0000000002F10000-0x0000000002F2A000-memory.dmp

      Filesize

      104KB