Analysis

  • max time kernel
    149s
  • max time network
    156s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
  • submitted
    25/12/2023, 21:14

General

  • Target

    3d07d3600c5df454b9626a86cd21d605.exe

  • Size

    319KB

  • MD5

    3d07d3600c5df454b9626a86cd21d605

  • SHA1

    cfc6097613428208908d7ead6cd3598f235f9980

  • SHA256

    29a782298ace4c06a10d2bd1a0ceb54db2b201c5c72623da15f389f8c82dfbcf

  • SHA512

    ab57fe9908d8315b1a029f5699e746ebeed63d652aae3b8cbf4866052b349e5968ef059b609b49f7c619ab45e76d286f32d5cf853065f58b4903aa9211b29587

  • SSDEEP

    6144:wJ1P9uoKTeOLNX5eyIBbOzciQXdPoWKZDpT25QGxXK:w16KOLNXLIROzcicdAtZdT5G

Malware Config

Signatures

  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials, cookies and browsing history.

  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Enumerates connected drives (3 TTPs, 21 IoCs)

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory (2 IoCs)
  • Drops file in Program Files directory (64 IoCs)
  • Program crash (1 IoC)
  • Suspicious use of WriteProcessMemory (10 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\3d07d3600c5df454b9626a86cd21d605.exe
    "C:\Users\Admin\AppData\Local\Temp\3d07d3600c5df454b9626a86cd21d605.exe"
    1⤵
    • Adds Run key to start application
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:3000
    • C:\Users\Admin\AppData\Local\Temp\3d07d3600c5df454b9626a86cd21d605.exe
      "C:\Users\Admin\AppData\Local\Temp\3d07d3600c5df454b9626a86cd21d605.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3056
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 172
        3⤵
        • Program crash
        PID:1700

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\readme.eml

    Filesize

    14KB

    MD5

    3f3437012eb1462b9d5890906bdb3299

    SHA1

    0d518ba068cc4b6d04bb9d80a1e9b08aa72de4ce

    SHA256

    d573371934f669d80f75ad1541dad51763dbe68e81f51cdf7cae5cf8eb3cf1ff

    SHA512

    ba3996b71f8137eb476abdaa65f569084ef1916c38edbf59800ee3c421b4614a883d1be788d2500967c8f46a79f6c89d603cc9211d01d06e712d84935b5aa036

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

    Filesize

    12KB

    MD5

    8156706568e77846b7bfbcc091c6ffeb

    SHA1

    792aa0db64f517520ee8f745bee71152532fe4d2

    SHA256

    5e19cfbd6690649d3349e585472385186d99f56a94dc32d9073b83011cea85f8

    SHA512

    8760f26069296f0fe09532f1244d93a57db4cafa8d06aaa9dc981bcaed4bde05366ef21e6f0c1aadad4478382b59a4e43d26c04185cf2ed965901321d05604b8

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

    Filesize

    8KB

    MD5

    7757fe48a0974cb625e89012c92cc995

    SHA1

    e4684021f14053c3f9526070dc687ff125251162

    SHA256

    c0a8aa811a50c9b592c8f7987c016e178c732d7ebfd11aa985a8f0480539fa03

    SHA512

    b3d4838b59f525078542e7ebbf77300d6f94e13b0bff1c9a2c5b44a66b89310a2593815703f9571565c18b0cdeb84e9e48432208aaa25dff9d2223722902d526

  • C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe

    Filesize

    451KB

    MD5

    b33b4a25f86afae6309ddbeac0f73313

    SHA1

    3ca5cd0188b1abf75d7f6636640c8bb6e5c6f090

    SHA256

    0feb78a149f74e662487c68863180189c2d8f08d35726f7f11ebedab2873f35d

    SHA512

    74f26b28e14d52616879dc9842df2cac11cb0d02e946a108eae3bdecd58fd275748d358eb15270fefbff02210834b87a2ab2fe66a9fbaaff140bd612f6b37275

  • C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe

    Filesize

    467KB

    MD5

    2e5c7e393d476b62f2f5f196c5d427d2

    SHA1

    540a9337f20991cfac5449abada6845bd41ca0f4

    SHA256

    8bee43e93fc5b1871b156d4b39b7bcd30ce2c9444024393d4d7b75347e98ce46

    SHA512

    3a3ca120f9ecc6b14d24a45e052e5448375779c84305be441896dc95edea4695087ab393ed1da6d3e0394cbc7de2449847f084c74b1fa90eeef8db6e4d51b178

  • C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe

    Filesize

    640KB

    MD5

    cb9e9b0240e368ed69ef40282cb525ab

    SHA1

    c3b1c1ced9b98f0c3b7e26b5d12793d7d3685d4e

    SHA256

    90e01eb959f8968825eba2f106d3d77eb516aee69f718e1061d14f56490dfc52

    SHA512

    8cf26229f49b6fb9efed1d358e3caba1b4d63bd0336ab0aee7f0e13f17c835b5b9ce0b92908d8645b7ac6d93f9b81396e73833e65bb0763475b07b82a2154e69

  • C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe

    Filesize

    461KB

    MD5

    0641ae7d72c227b1a05596b2c9fae6b7

    SHA1

    c3225c3c7a5a097ce12af535d966c85d5b005256

    SHA256

    9dc3470c4bbfbb624517a0f342ec4abe1c186002747bc593c86802bdc8ebf0f0

    SHA512

    8af3c8352f48521ef4b56396f71dd3836d04d62fbcfa99a11219ecad89b7d277c36e6b411d0b0782a6585c03c47a910f571396d8b17d463f2b9b78c1cf0f7dc6

  • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

    Filesize

    451KB

    MD5

    d1e159a883782f71f71e48a21ec1e859

    SHA1

    38fa462cda36a3d74a08532056b1dcabcea98fc6

    SHA256

    92a700294b229a008f1f2b649fe7d473c6b2b55bd2cde779a4b717579a40e214

    SHA512

    80395410522772db0d18b11a2065c1a7eadc146ea82950deae0d95f758e5f143dcc198acbbbd2910781c467c608e8cbbce9ed31daa2ff2e867dbd522a264b5ea

  • C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe

    Filesize

    461KB

    MD5

    5e4dee469d9ae96f9641d3c2a411f12c

    SHA1

    ac1df9db20285fc129c45aa3ca248c2ef9530f3e

    SHA256

    bcb93dac3caf4dc2b5a2e0779dbb383f68829f5a71cf86dc024f162e9d643ded

    SHA512

    9d4b2418297d20cddb3360ffb4cf7447cdbb291b5db749fdd09b3f30eeec0f81c0f31fc5dbd8c2dd9def83e5272f0d630fa388a7f4317bbc089e93b7c9fc2462

  • C:\Users\Admin\AppData\Local\Temp\ose00000.exe

    Filesize

    152KB

    MD5

    3e5e2e6d1e6e1b24a90b456c060fb783

    SHA1

    87c2b58c821b063fd7093ba6323d1bb822fed2a2

    SHA256

    c761376d15ea5d6f28875a9df479ccfe480d1c96367047dd4150c360b9d147db

    SHA512

    f2ab976ac7f382dfdcf8f690c73345afeeb6763d1b709575b3d258c7c6cf306e1cf3afe156a2e1a1b3c46c2c660952ce39b36fe30ec574155628726645f5e79c

  • C:\Windows\SysWOW64\runouce.exe

    Filesize

    10KB

    MD5

    33d2d6718e95b7ec9e4bda23c8a342d9

    SHA1

    1d28cf877720e43d3f698f543b2ff0a313692dcb

    SHA256

    8ba10ba64483432225384261c9f3bffb45d9bfc00dc6a269ff80adc6f5036d5a

    SHA512

    dab3bd84ce62a00e42193f6a7f8946d6073e4ffad197ee685110df69114880e7e4724c97d8c15cc92722c7a911b018c2fa3eabec158747a1a0e1c16280179b9b

  • C:\vcredist2010_x86.log.html

    Filesize

    81KB

    MD5

    21a12c3aefff5239cf063a41863312c6

    SHA1

    87ddc00321b4fac92fe3127387378aec64d4d888

    SHA256

    866e71131f23631ab546b83317df9103d12aba2fe282714592dbe584ac82b985

    SHA512

    5490e69c6c5955c9f247790dfabd196cea8e83073bc131d5d269f52ee293aee60bdcabae33177fc403aee286658fa3243936b8ed952619279d80d91a358efcf8

  • memory/1700-5-0x00000000005B0000-0x00000000005B1000-memory.dmp

    Filesize

    4KB

  • memory/1700-9-0x00000000005B0000-0x00000000005B1000-memory.dmp

    Filesize

    4KB

  • memory/1700-7-0x00000000005B0000-0x00000000005B1000-memory.dmp

    Filesize

    4KB

  • memory/3000-1-0x0000000000220000-0x000000000028C000-memory.dmp

    Filesize

    432KB

  • memory/3000-0-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

  • memory/3000-2-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

  • memory/3056-3-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB
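The dropped-file list above is only useful for hunting once it is machine-readable and its hashes are trusted. The script below is an added example, not part of the report or of the sandbox's own tooling: it parses entries in the report's own layout (a bulleted path followed by label/value pairs), rejects any digest whose length does not match its algorithm, skips the memory-dump entries that carry no hashes, and then matches arbitrary file contents against the listed digests. The embedded excerpt is copied from the Downloads section with blank lines removed; the class and function names are this example's own.

```python
"""Parse the dropped-file list of a sandbox report into a hash lookup table.

Added example, not part of the report or of the sandbox's own tooling.
The excerpt below is copied from the report's Downloads section (blank
lines removed); class and function names are this example's own.
"""
import hashlib
import re
from dataclasses import dataclass, field

# Constructed input: two dropped files and one memory dump, in the report's layout.
REPORT_EXCERPT = r"""
  • C:\Windows\SysWOW64\runouce.exe
    Filesize
    10KB
    MD5
    33d2d6718e95b7ec9e4bda23c8a342d9
    SHA1
    1d28cf877720e43d3f698f543b2ff0a313692dcb
    SHA256
    8ba10ba64483432225384261c9f3bffb45d9bfc00dc6a269ff80adc6f5036d5a
    SHA512
    dab3bd84ce62a00e42193f6a7f8946d6073e4ffad197ee685110df69114880e7e4724c97d8c15cc92722c7a911b018c2fa3eabec158747a1a0e1c16280179b9b
  • C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    Filesize
    152KB
    MD5
    3e5e2e6d1e6e1b24a90b456c060fb783
    SHA1
    87c2b58c821b063fd7093ba6323d1bb822fed2a2
    SHA256
    c761376d15ea5d6f28875a9df479ccfe480d1c96367047dd4150c360b9d147db
    SHA512
    f2ab976ac7f382dfdcf8f690c73345afeeb6763d1b709575b3d258c7c6cf306e1cf3afe156a2e1a1b3c46c2c660952ce39b36fe30ec574155628726645f5e79c
  • memory/3056-3-0x0000000000400000-0x000000000046C000-memory.dmp
    Filesize
    432KB
"""

# Expected hex-digest length for each hash column the report prints.
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


@dataclass
class DroppedFile:
    path: str
    size: str
    hashes: dict = field(default_factory=dict)  # algorithm -> lowercase hex digest


def valid_hash(algo, value):
    """True when value is hex of exactly the length that algo produces."""
    want = HASH_LEN.get(algo)
    return want is not None and re.fullmatch(r"[0-9a-fA-F]{%d}" % want, value) is not None


def parse_downloads(text):
    """Split the list on bullets; each bullet is a path followed by label/value pairs.

    Memory dumps (memory/...) carry only a size and are skipped. A malformed
    hash raises instead of being kept, so a truncated copy-paste cannot
    silently become a hunting indicator.
    """
    entries = []
    for block in re.split(r"^\s*•\s*", text, flags=re.MULTILINE):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if not lines:
            continue
        path, fields = lines[0], lines[1:]
        if path.startswith("memory/"):
            continue
        if len(fields) % 2:
            raise ValueError(f"unpaired label/value in entry for {path}")
        kv = dict(zip(fields[0::2], fields[1::2]))
        entry = DroppedFile(path, kv.pop("Filesize", ""))
        for algo, value in kv.items():
            if not valid_hash(algo, value):
                raise ValueError(f"malformed {algo} for {path}: {value!r}")
            entry.hashes[algo] = value.lower()
        entries.append(entry)
    return entries


def index_by_hash(entries):
    """Map every digest in the report to its DroppedFile for O(1) lookup."""
    return {digest: e for e in entries for digest in e.hashes.values()}


def match_bytes(data, index):
    """Hash file contents with each algorithm the report lists and return the
    matching DroppedFile, or None when nothing in the report matches."""
    for fn in (hashlib.sha256, hashlib.sha1, hashlib.md5):
        hit = index.get(fn(data).hexdigest())
        if hit is not None:
            return hit
    return None


if __name__ == "__main__":
    import sys
    idx = index_by_hash(parse_downloads(REPORT_EXCERPT))
    for p in sys.argv[1:]:  # e.g. files collected from a suspect host
        with open(p, "rb") as fh:
            hit = match_bytes(fh.read(), idx)
        print(p, "->", hit.path if hit else "no match")
```

Run it with one or more collected files as arguments and it prints which report entry, if any, each file matches. Matching by content hash rather than by path matters here because the listed paths (runouce.exe under SysWOW64, the readme.eml and vcredist copies under Program Files and Package Cache) can be re-created elsewhere, while a digest match ties a file directly to this sample's run.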