22fbbb2d9503b10560b779b14733616d19d66ae46fd54e64ff326a338653fc83

Analysis

max time kernel
145s
max time network
149s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 19:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

365e3abc434dd080c3ee8bbd86739eac.exe
Size

1.2MB
MD5

365e3abc434dd080c3ee8bbd86739eac
SHA1

3fae6886e7cb3c9c836154bfc1014f7574e95558
SHA256

22fbbb2d9503b10560b779b14733616d19d66ae46fd54e64ff326a338653fc83
SHA512

b92db089fff74e8387301a443d6f78cac2ee3e21d234ede63bba3c448cce2f6286521bb0b9dffac513fbd10aab0859eb992c79fa77ad8e51f4b254ba4d9e1a2d
SSDEEP

24576:N00JRlD0wr7tV1F7pl2BocE+pgaFd9uN0cxi5SzA:N0g1HtV1F7pIBC+pfON04i5S

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\PROGRA~2\is259417479.log	365e3abc434dd080c3ee8bbd86739eac.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	365e3abc434dd080c3ee8bbd86739eac.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2908	365e3abc434dd080c3ee8bbd86739eac.exe
2908	365e3abc434dd080c3ee8bbd86739eac.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2908	365e3abc434dd080c3ee8bbd86739eac.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2908	365e3abc434dd080c3ee8bbd86739eac.exe
2908	365e3abc434dd080c3ee8bbd86739eac.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2908 wrote to memory of 2840	2908	365e3abc434dd080c3ee8bbd86739eac.exe	28
PID 2908 wrote to memory of 2840	2908	365e3abc434dd080c3ee8bbd86739eac.exe	28
PID 2908 wrote to memory of 2840	2908	365e3abc434dd080c3ee8bbd86739eac.exe	28
PID 2908 wrote to memory of 2840	2908	365e3abc434dd080c3ee8bbd86739eac.exe	28

C:\Users\Admin\AppData\Local\Temp\365e3abc434dd080c3ee8bbd86739eac.exe
"C:\Users\Admin\AppData\Local\Temp\365e3abc434dd080c3ee8bbd86739eac.exe"
1⤵
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2908
- C:\Users\Admin\AppData\Local\Temp\365e3abc434dd080c3ee8bbd86739eac.exe
  "C:\Users\Admin\AppData\Local\Temp\365e3abc434dd080c3ee8bbd86739eac.exe" /_ShowProgress
  2⤵
  PID:2840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ISH259~1\images\Close_Hover.png

Filesize
1KB

MD5
83487401daf307d6c726a479de1ee6f9

SHA1
c173be4937a63672570078b325864c76b28040b8

SHA256
f4f0f59fccd9b87b208b416423797dcfb532472dcfef99bef41a11ea9f6f713b

SHA512
da69729b6682acd1c46587c7c3b4533d9afbcf84c17e55f43798f1fee0097c7a2f39860e6dbc6a9b1cb26dc63d9afab4511071981ad5fd494f36ad9659c56e50

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259415294\bootstrap_36203.html

Filesize
156B

MD5
1ea9e5b417811379e874ad4870d5c51a

SHA1
a4bd01f828454f3619a815dbe5423b181ec4051c

SHA256
f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

SHA512
965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259415294\css\main.css

Filesize
5KB

MD5
c4defa8d39bae67d8f65a0db206ce195

SHA1
61c4c8d278c15f4fbcf3d5c471adf796135920b5

SHA256
ac85063553d730cb11945522296d3887dc200fba829024c92bb3c72ce24b4de1

SHA512
8d9565d2ddbb5b9d336b7275f5e3c3398444cd467a162a5831238057855273571991bfe1812c50a5a94446014e15871ba1a42dfc9f3b53e73d31f185acc2b39f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259415294\css\sdk-ui\progress-bar.css

Filesize
507B

MD5
abc5fac091a8548789f3e6b4553ef430

SHA1
c02d3c132f87607b7081a7b61fbd48728cc75ee4

SHA256
d482709570c0f9259ccf0ca4569a9ca05b37798910fe650da459b30dd832c845

SHA512
5e01c691a1b4e2e767e73c32bd74866ebe5a61532438c4c222058f832c26901824fe365157f23a3f559de171332b743c9a55f0ae4ce5c004ae24cd906595a2b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259415294\images\BG.gif

Filesize
21KB

MD5
e4f15874b7d6a90e64364a02269bc4df

SHA1
63e6ea43b6f890cb00dab260967723730f525cb0

SHA256
1d4313dacef0bbf110c9f7b8bf4035334a6f7c9f2e05caa775aef936e4fb69d3

SHA512
fc707be1c0209b83f4403e95d2c2b67703d68309b6d27842d596c44179980c29e020a639b90956b79e4661c1e82f8ab615a054475c66d855b49669d7f20ebd35

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259415294\images\Color_Button.png

Filesize
1KB

MD5
a379d9826c7537e27c3d039e6d816382

SHA1
19fc3f105175fa7b61d91e3217f2f7b56bc752a6

SHA256
ed26660ccbec7a439f5158741892beb9b63d2e7b9c491e359535d2cbce4f4e72

SHA512
cd2b2c5a559968857ff759351d8d5133410be863b97587ef50ea0b769ff46d142e96aedd24eeeb01b0aca55292cf91a86ea9569fa4c3838007a2aa76ab60ae55

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259415294\images\Color_Button_Hover.png

Filesize
1KB

MD5
08ffc7fcaf5adc850cc454275a98274c

SHA1
d504fa7e100b7dc379b83a8565b307e6485bf29b

SHA256
28879145d87be92a4ca7896fc60f6eaa81d5baa5d12af34e768e2ad374a8ffa4

SHA512
96639e4bf4cfc9d353c071768f88cc6da7342619c5e19cffcff0e2fd53edae13b49e398ddc51b2d78ef89900f895f2b26172360222e860dcf11ea43560a111bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259415294\images\Loader.gif

Filesize
10KB

MD5
57ca1a2085d82f0574e3ef740b9a5ead

SHA1
2974f4bf37231205a256f2648189a461e74869c0

SHA256
476a7b1085cc64de1c0eb74a6776fa8385d57eb18774f199df83fc4d7bbcc24e

SHA512
2d50b9095d06ffd15eeeccf0eb438026ca8d09ba57141fed87a60edd2384e2139320fb5539144a2f16de885c49b0919a93690974f32b73654debca01d9d7d55c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259415294\images\icon.png

Filesize
1KB

MD5
1f6b8e14e2373b4b184bb57ac1fca760

SHA1
ed2fec181aee0ec89d19215566a784be4ff4e5a1

SHA256
14336d4607b68a7ddc02e28cbafe89ea75d089fa7621e3304b04d249019b9da5

SHA512
8e778d230eece0528ab51b2c6afa9545b583def95dc184e187cc9914139f79bd67f715c800b6e9fcd5368dbe343aa4289ae34c2746d4e0d6d2e9353c8d5524eb

Download Submit
memory/2840-133-0x0000000001E00000-0x0000000001F36000-memory.dmp

Filesize
1.2MB

Download
memory/2840-139-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2908-148-0x0000000001D90000-0x0000000001EC6000-memory.dmp

Filesize
1.2MB

Download
memory/2908-7-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2908-129-0x0000000001D90000-0x0000000001EC6000-memory.dmp

Filesize
1.2MB

Download
memory/2908-130-0x0000000001D90000-0x0000000001EC6000-memory.dmp

Filesize
1.2MB

Download
memory/2908-131-0x0000000001D90000-0x0000000001EC6000-memory.dmp

Filesize
1.2MB

Download
memory/2908-132-0x0000000001D90000-0x0000000001EC6000-memory.dmp

Filesize
1.2MB

Download
memory/2908-115-0x0000000001D90000-0x0000000001EC6000-memory.dmp

Filesize
1.2MB

Download
memory/2908-96-0x0000000001D90000-0x0000000001EC6000-memory.dmp

Filesize
1.2MB

Download
memory/2908-141-0x0000000001D90000-0x0000000001EC6000-memory.dmp

Filesize
1.2MB

Download
memory/2908-143-0x0000000001D90000-0x0000000001EC6000-memory.dmp

Filesize
1.2MB

Download
memory/2908-146-0x0000000001D90000-0x0000000001EC6000-memory.dmp

Filesize
1.2MB

Download
memory/2908-0-0x0000000001D90000-0x0000000001EC6000-memory.dmp

Filesize
1.2MB

Download
memory/2908-94-0x0000000001D90000-0x0000000001EC6000-memory.dmp

Filesize
1.2MB

Download
memory/2908-154-0x0000000001D90000-0x0000000001EC6000-memory.dmp

Filesize
1.2MB

Download
memory/2908-93-0x0000000001D90000-0x0000000001EC6000-memory.dmp

Filesize
1.2MB

Download
memory/2908-162-0x0000000001D90000-0x0000000001EC6000-memory.dmp

Filesize
1.2MB

Download
memory/2908-92-0x0000000001D90000-0x0000000001EC6000-memory.dmp

Filesize
1.2MB

Download
memory/2908-116-0x0000000001D90000-0x0000000001EC6000-memory.dmp

Filesize
1.2MB

Download
memory/2908-174-0x0000000001D90000-0x0000000001EC6000-memory.dmp

Filesize
1.2MB

Download
memory/2908-168-0x0000000001D90000-0x0000000001EC6000-memory.dmp

Filesize
1.2MB

Download
memory/2908-175-0x0000000001D90000-0x0000000001EC6000-memory.dmp

Filesize
1.2MB

Download
memory/2908-2-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2908-177-0x0000000001D90000-0x0000000001EC6000-memory.dmp

Filesize
1.2MB

Download
memory/2908-180-0x0000000001D90000-0x0000000001EC6000-memory.dmp

Filesize
1.2MB

Download
memory/2908-181-0x0000000001D90000-0x0000000001EC6000-memory.dmp

Filesize
1.2MB

Download
memory/2908-182-0x0000000001D90000-0x0000000001EC6000-memory.dmp

Filesize
1.2MB

Download
memory/2908-183-0x0000000001D90000-0x0000000001EC6000-memory.dmp

Filesize
1.2MB

Download
memory/2908-184-0x0000000001D90000-0x0000000001EC6000-memory.dmp

Filesize
1.2MB

Download
memory/2908-185-0x0000000001D90000-0x0000000001EC6000-memory.dmp

Filesize
1.2MB

Download
memory/2908-186-0x0000000001D90000-0x0000000001EC6000-memory.dmp

Filesize
1.2MB

Download
memory/2908-187-0x0000000001D90000-0x0000000001EC6000-memory.dmp

Filesize
1.2MB

Download
memory/2908-189-0x0000000001D90000-0x0000000001EC6000-memory.dmp

Filesize
1.2MB

Download
memory/2908-190-0x0000000001D90000-0x0000000001EC6000-memory.dmp

Filesize
1.2MB

Download
memory/2908-191-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2908-192-0x0000000001D90000-0x0000000001EC6000-memory.dmp

Filesize
1.2MB

Download