Overview

overview

7

Static

static

3

3bfa214cbc...de.exe

windows7-x64

7

3bfa214cbc...de.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    0s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 20:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3bfa214cbc210abf435478ebb9c7bbde.exe

  • Size

    250KB

  • MD5

    3bfa214cbc210abf435478ebb9c7bbde

  • SHA1

    897bad9ebf1552e490b49964ca02b0c280c3a9e5

  • SHA256

    48c4f5d882f4c32097500424d15004f703e9eddfaf5bd68e377ada1426343d5b

  • SHA512

    075a53cc69f5bf0fb0ac43ad99ddf2675c4dafc5402ed35fc402631d57764f28489cf2745eb30fd5cde34894d6a1031f3a1593dbfebb06615ccc0b8351f2511f

  • SSDEEP

    6144:h1OgDPdkBAFZWjadD4s5CPrCgqxpqsnSg+P63Sfr:h1OgLdaOCTusqiPcSD

Score
7/10
spywarestealerupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 2 IoCs
    installer
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3bfa214cbc210abf435478ebb9c7bbde.exe
    "C:\Users\Admin\AppData\Local\Temp\3bfa214cbc210abf435478ebb9c7bbde.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3784
    • C:\Users\Admin\AppData\Local\Temp\7zS5033.tmp\50f7bb7493ea5.exe
      .\50f7bb7493ea5.exe /s
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:1132

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7zS5033.tmp\50f7bb7493ea5.exe
    Filesize

    71KB

    MD5

    b78633fae8aaf5f7e99e9c736f44f9c5

    SHA1

    26fc60e29c459891ac0909470ac6c61a1eca1544

    SHA256

    d205693516dbaf34cfbd216e825190de4de1412e861bc9cb30ce863907b30d22

    SHA512

    3885b609269b26918ccfcd9069181168c12f4271b6bdfcc51afe176b2dd242d4c0953ac1a4ddaf25abcfaf28a0b694a6269d96ae39bb7b2db2f0140d2d60cd43

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsj50E0.tmp\UserInfo.dll
    Filesize

    4KB

    MD5

    7579ade7ae1747a31960a228ce02e666

    SHA1

    8ec8571a296737e819dcf86353a43fcf8ec63351

    SHA256

    564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

    SHA512

    a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

    Download Submit

  • memory/1132-78-0x0000000074600000-0x000000007460A000-memory.dmp

    Filesize

    40KB

    Download