Overview

overview

7

Static

static

3

4a077a1b0f...0b.exe

windows7-x64

7

4a077a1b0f...0b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 01:40 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4a077a1b0fa632b0d1a7e2fc4ddf680b.exe

  • Size

    250KB

  • MD5

    4a077a1b0fa632b0d1a7e2fc4ddf680b

  • SHA1

    478a73b6a6f5e39cfc1d1d87661f0c462eadce5e

  • SHA256

    19f2eb477cb72c250f319bb2e31a4bf561cc34d272a0ea5a5a281ac5150575a8

  • SHA512

    441d96b6d7e432c2e25d578bc0a6c1b64d666b9efef8e55a0d31bf0c9ab59ef012e5cd1d10ca18f1fbd539e2366ab6d7045de59c1b2b06a6be2bb62c3657a541

  • SSDEEP

    6144:h1OgDPdkBAFZWjadD4s5CuxGnImwZKHAS77BERYk:h1OgLdaO0nIBZGG+k

Score
7/10
adwarediscoveryspywarestealerupx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops Chrome extension 1 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 4 IoCs
    installer
  • Modifies registry class 45 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\4a077a1b0fa632b0d1a7e2fc4ddf680b.exe
    "C:\Users\Admin\AppData\Local\Temp\4a077a1b0fa632b0d1a7e2fc4ddf680b.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1536
    • C:\Users\Admin\AppData\Local\Temp\7zS5A21.tmp\50eca3823273d.exe
      .\50eca3823273d.exe /s
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops Chrome extension
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      • System policy modification
      PID:2748

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Browse2save\uninstall.exe
    Filesize

    48KB

    MD5

    f3c79bda3fdf7c5dd24d60400a57cadb

    SHA1

    1adb606aaeedb246a371c8877c737f0f8c798625

    SHA256

    a76272ed3bbf23308782a308d428ee805ec77fbb622a830af26cb0ddbbf7377b

    SHA512

    c43cb957bdea357bd016fe03a8004a48d8117a12106f62876394feba05ad01a321ff6017ffb7b926cc77712f5ab63ea2e4b169a419c444c8f62aa4933f289935

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS5A21.tmp\50eca382325e3@50eca3823261c.com\bootstrap.js
    Filesize

    2KB

    MD5

    cc3027f4ce1d68c6a1bc30e053ee605f

    SHA1

    e2532864a71b67a866f554fd77f0660e7b80b31b

    SHA256

    4d55d8f50a3dbe6306683793042c3c424f35c5a45603a7898c1edd0f7e5923e9

    SHA512

    214e0e146a13488d2dc27277f41d85242c6c4c071dc818859c9fd32cb9567a8f51ecf71db14c27fd81a10391f91c66bec91a73f181d14576df00a96a0e3eff0e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS5A21.tmp\50eca382325e3@50eca3823261c.com\chrome.manifest
    Filesize

    116B

    MD5

    3b4bbad792e5113cda1852fe20aa738d

    SHA1

    bd01684ebe8e447df34818522352f5e8aa35933a

    SHA256

    e70ce71d4b9ead8f08ba390efabce1b2870e42ba6cbedb556afc7e16d4598d44

    SHA512

    2f15f7bcb4bfdef148c3cce2357ae3eaff4a091cbc774c31a5647edf8e9b9118cd4fbeada181b981ab4adf7efc78a626454fa47f9e3d7224f2aa86c402871256

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS5A21.tmp\50eca382325e3@50eca3823261c.com\content\bg.js
    Filesize

    8KB

    MD5

    67ce4854206f0b0fc589398451611cd1

    SHA1

    0c9e4f2ce691de6302043061a47d5f3756e81b85

    SHA256

    0a92354e7b9d02a6fd270a354bbdc2aaf87b00752e5f57935947e7f4ad109c4d

    SHA512

    97702328bd647a1ac6459ba5998398480dd0e4fdff5eec259cf14df9c27408741c01c484ce8421ff653e2c98fa2a34be1aaf63b617c3cc51bfd61148e75804de

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS5A21.tmp\50eca382325e3@50eca3823261c.com\content\zy.xul
    Filesize

    225B

    MD5

    2f784830f22800f04e2d4d4306785f1d

    SHA1

    4824a492430a5ca57df7f4d4449d2a8a8c651708

    SHA256

    8d902174e5e517f8e70ca314047ad5e6fa5038eef6186f6bd96620a74b938989

    SHA512

    6a08db767d3a2cdc3cc4ff75a65e261be6400d9d1a8410ca92cef9c2986adcacd68ab637ae48a9f7bbc1074ff515df045327e690880e5f9e497c50857753b195

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS5A21.tmp\50eca382325e3@50eca3823261c.com\install.rdf
    Filesize

    718B

    MD5

    e61c9681897db17a62e8984df1229855

    SHA1

    273ce100072d0d0b88fd13e1943483ca2a29036a

    SHA256

    5422431fade44e3a420617bdffa9446ea10902c07b1d3af26e5ac17f52e4b5c9

    SHA512

    6ef1d2df47a81914e42c08e133b7c581184e017a1c12eee70d81640b679b41b83c56b94b26b5571c601a0d301474b456a34326b5b96b1877af8d3ce459a87161

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS5A21.tmp\50eca38232776.dll
    Filesize

    116KB

    MD5

    da161da8bcb9b8032908cc303602f2ee

    SHA1

    8a2d5e5b32376a40f33d6c9881001425ec025205

    SHA256

    0648d564b30e13a0819f28e00a9af39a6686a4d29ccd265c7d81548e4fe0f67e

    SHA512

    39e882a371dbce2484324811bffdd7ae7655b57401d07bf264aced6b5dac0ae326bd1945c536f05d8ab3b92ca03ff056c5a7baf54f7eb477b45fc405ec54052c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS5A21.tmp\50eca38232776.tlb
    Filesize

    2KB

    MD5

    1f14de44d0d63a79f91d3fe90badb5fc

    SHA1

    7fcc921608d2cf40e81cdd9a98e1a15a6ba1f57e

    SHA256

    bd3d85c0136a66b2af79d4d91c1c5700c8931937b7e554d5ece946760ef4a99c

    SHA512

    86eb6ebf9eccf1dcb601db827797ac603c0ebe01b6d73318986275c29bd034c8df5f7c79ddf0b19536faf24bdb11e09ac95ea43e8fe75b0ed3dde76dd139883c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS5A21.tmp\glilkjcapnahficnhnngfgecmkgakadp\50eca3823254e0.96272714.js
    Filesize

    4KB

    MD5

    08ff2b9697d842e2ceb0a90b8da76fad

    SHA1

    0e598531eba15442e5077dd91c30f9e0d7b84be8

    SHA256

    95c9ba47d58404a4faa6b5b7686d02c29f9186597942a6ba1e4f22008b7027b8

    SHA512

    ea7e7ddb7fc67add909ac4811ff810fe021eff85cc5d4e523235e730170b3f11ea74130043a58bb6c6c6b6094b57e9889b3758cc15c39673d72aee4e0ac69f8c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS5A21.tmp\glilkjcapnahficnhnngfgecmkgakadp\background.html
    Filesize

    161B

    MD5

    36a0b49bcb99e8c343a7ba32954b2149

    SHA1

    d1deb7adef4c9315dec91003d51c0e0f6a4dc0be

    SHA256

    9a203332b0d7ceae00fa66352e923ed3fcb45e876893d56e70c232e66962b764

    SHA512

    56e611d1a0ff95a3b68f6ab2cf00ac6e5eca172e20217ede29cc9aa4de78e6ce1bb0bbad7cdb24b8f009eaf290ab278949f2eeef2e68df4a8129ed64bdab0912

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS5A21.tmp\glilkjcapnahficnhnngfgecmkgakadp\content.js
    Filesize

    197B

    MD5

    5f9891607f65f433b0690bae7088b2c1

    SHA1

    b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

    SHA256

    fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

    SHA512

    76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS5A21.tmp\glilkjcapnahficnhnngfgecmkgakadp\lsdb.js
    Filesize

    559B

    MD5

    209b7ae0b6d8c3f9687c979d03b08089

    SHA1

    6449f8bff917115eef4e7488fae61942a869200f

    SHA256

    e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

    SHA512

    1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS5A21.tmp\glilkjcapnahficnhnngfgecmkgakadp\manifest.json
    Filesize

    480B

    MD5

    1a2173a6fed9391e199e3afcdfc40225

    SHA1

    ee64aaec103ddfbd7a920fd118b25d866631a265

    SHA256

    9c31c7d56d28973e10dc0191ec073ec185c2ef0e5d742ea2e6ada0b0de66dda8

    SHA512

    6ce09f31313c451ffb5bd276ea1fa9df59ddc0b3d5bd4bccb3579ccb480a3ec14f9fd1b096e6167e5c1be61db68a534b2e94389134e45785ca491714538a9f45

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS5A21.tmp\glilkjcapnahficnhnngfgecmkgakadp\sqlite.js
    Filesize

    1KB

    MD5

    16dd3867d7e95de4df66084200d6ff7b

    SHA1

    91db6e732fcdefa242d9ce5d8a4670c9bf57cf3c

    SHA256

    286002efa649d103aae25d0a41e8c062c2961d5634bbbcae7263a8beb1c08ac1

    SHA512

    091e6975a6bd60400bfbf40297320ddeff802a943ca3bf025d6e6cb780f9219247c0d1640d88cc6c8f830d9f74c2d74ab99075b959f83452f61117cfa83edd81

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS5A21.tmp\settings.ini
    Filesize

    6KB

    MD5

    3aa3a8210eba633186a29f08b3776ac4

    SHA1

    70023aec1e0d15a16b315425a3164ba644c9ce57

    SHA256

    803aeb77d39706f7a890eeb7245a02aa0b95001c009ec932192018aa5c34d8ae

    SHA512

    3ddbcd9b07b38141694ceadfd239d4ceecd4fb5a016ed78ce547168128b56e7166c59ea84d4a176b3ccc42a7e8e6bf4575fedc61542ebf9757b8ecf31c2f223c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\7zS5A21.tmp\50eca3823273d.exe
    Filesize

    71KB

    MD5

    b78633fae8aaf5f7e99e9c736f44f9c5

    SHA1

    26fc60e29c459891ac0909470ac6c61a1eca1544

    SHA256

    d205693516dbaf34cfbd216e825190de4de1412e861bc9cb30ce863907b30d22

    SHA512

    3885b609269b26918ccfcd9069181168c12f4271b6bdfcc51afe176b2dd242d4c0953ac1a4ddaf25abcfaf28a0b694a6269d96ae39bb7b2db2f0140d2d60cd43

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd5E18.tmp\UserInfo.dll
    Filesize

    4KB

    MD5

    7579ade7ae1747a31960a228ce02e666

    SHA1

    8ec8571a296737e819dcf86353a43fcf8ec63351

    SHA256

    564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

    SHA512

    a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd5E18.tmp\nsJSON.dll
    Filesize

    7KB

    MD5

    b9cd1b0fd3af89892348e5cc3108dce7

    SHA1

    f7bc59bf631303facfc970c0da67a73568e1dca6

    SHA256

    49b173504eb9cd07e42a3c4deb84c2cd3f3b49c7fb0858aee43ddfc64660e384

    SHA512

    fdcbdd21b831a92ca686aab5b240f073a89a08588e42439564747cad9160d79cfa8e3c103b6b4f2917684c1a591880203b4303418b85bc040f9f00b6658b0c90

    Download Submit

  • memory/2748-80-0x0000000074950000-0x000000007495A000-memory.dmp

    Filesize

    40KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.