Analysis

  • max time kernel
    7s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/12/2023, 21:25

General

  • Target

    3d5d354cd5686dd9cdf53e6ffbbdd8de.exe

  • Size

    386KB

  • MD5

    3d5d354cd5686dd9cdf53e6ffbbdd8de

  • SHA1

    a5742c4005efe189bb30f2c782e0b6b8bb5ffd54

  • SHA256

    66f982c39befa47ef6e8eaf322a287fd8ff75c304b909c6c7102c01fbfc903bf

  • SHA512

    09e4e3688ee0742dffe74bcd1c7677dd900f59f97b4342930e7b3cb34e43b3a7e83ae9f7519f8ffd307889dacad6b0c3ffefb6bc0c359b7f36a1c369843c7ec4

  • SSDEEP

    6144:DhJhWT3UEIA1CqzU75aDdrTPbNZAXdPRh2IQLtL2yy02V3IGcIFoSe8OIQ:DzhGqAQqzU7GrTzNZeNAl2yy9BoSZOIQ

Score
7/10

Malware Config

Signatures

  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials etc.

  • UPX packed file (3 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\3d5d354cd5686dd9cdf53e6ffbbdd8de.exe
    "C:\Users\Admin\AppData\Local\Temp\3d5d354cd5686dd9cdf53e6ffbbdd8de.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4660
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\0.bat
      2⤵
        PID:3788

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\0.bat

      Filesize

      173B

      MD5

      14e5122058af1684490e3469054ff4cc

      SHA1

      91f3f20e979b695129fbd47c833010fa2deb088a

      SHA256

      824c158a7e56e8b15667a6462de25c09684bed25cc43dd52fdb4a4949b3c9db1

      SHA512

      c9660bde0c44407848149245ddf8c3b2d6c9bb050d580e9e58c815b790ee8105b76467dd4e40f5c158233bf7ede1cf116d3431cc124e2bbcdb4db9b23a70f405

    • C:\Users\Admin\AppData\Local\Temp\43489.exe

      Filesize

      20KB

      MD5

      0df36f49c1589e65c5fdcbf33affe56d

      SHA1

      3fc367dbedbd76fc217d30d8af24f2fb4650bb31

      SHA256

      5ab0c82108b56eee622500908b1bd7416493ad5e3650334589ef604c051a1548

      SHA512

      83c450f8320967484277ac40756a15f7d1c132aea6e0e5ce33847848570f5d6dcd8ce1a05354f0d52d58d08f595f7a13e5dc71fa89c26ebb05f8930c1196aeec

    • memory/4660-0-0x00000000004D0000-0x000000000061F000-memory.dmp

      Filesize

      1.3MB

    • memory/4660-6-0x00000000004D0000-0x000000000061F000-memory.dmp

      Filesize

      1.3MB