Overview

overview

7

Static

static

3

6a84f7c432...1d.exe

windows7-x64

7

6a84f7c432...1d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    0s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-12-2023 11:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6a84f7c432e4416a9f37c23b36bce01d.exe

  • Size

    250KB

  • MD5

    6a84f7c432e4416a9f37c23b36bce01d

  • SHA1

    971cf4d97722d86c889ac96e4c90e6adffbd2cff

  • SHA256

    09c6d1a72e380e193279dd3744e7753e6a885a440d69e9a23e1be31b9e7d945d

  • SHA512

    b14f561db0fc1fcbbd1a2113d1855b520e6262d5f74ab616ff2609760db96033cd4e391d55ab85a375954350ba793cf01572b88157b109bf6aff5d4c51487128

  • SSDEEP

    6144:h1OgDPdkBAFZWjadD4s5lQqPySEWnOsr3p8Ffh:h1OgLdaOvp8Zh

Score
7/10
spywarestealerupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 2 IoCs
    installer
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6a84f7c432e4416a9f37c23b36bce01d.exe
    "C:\Users\Admin\AppData\Local\Temp\6a84f7c432e4416a9f37c23b36bce01d.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3856
    • C:\Users\Admin\AppData\Local\Temp\7zS53BD.tmp\50ee76fed6f69.exe
      .\50ee76fed6f69.exe /s
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:4980

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7zS53BD.tmp\[email protected]\bootstrap.js
    Filesize

    2KB

    MD5

    8b454dfa9bb9e8586111c3408024d272

    SHA1

    15d48db25a4fda53abfdf396d81967bb019b0768

    SHA256

    a2f220ea2a076d0d98ebac58ce4920fb2e37e6554008df4114d14d64bfee3dd5

    SHA512

    5bcd009f2dd1dbd25088a72842086d4bbd2ea6c6f3a4e301f6c97eb4862c15ad456bf9b9ad8241734333101dca0653f6a723749bf1e838f7f6e397cecc162b6d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS53BD.tmp\50ee76fed6f69.exe
    Filesize

    71KB

    MD5

    b78633fae8aaf5f7e99e9c736f44f9c5

    SHA1

    26fc60e29c459891ac0909470ac6c61a1eca1544

    SHA256

    d205693516dbaf34cfbd216e825190de4de1412e861bc9cb30ce863907b30d22

    SHA512

    3885b609269b26918ccfcd9069181168c12f4271b6bdfcc51afe176b2dd242d4c0953ac1a4ddaf25abcfaf28a0b694a6269d96ae39bb7b2db2f0140d2d60cd43

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS53BD.tmp\settings.ini
    Filesize

    6KB

    MD5

    1e5cf5521a0426b46fc7c0560d34dc28

    SHA1

    fcfa0054ecd54a4fde82fa96fd36a33b928b19d2

    SHA256

    6cb349e768939195e1b4127d509df82f21b437e89479cdc9b7d6c3d18f633b05

    SHA512

    c99c3809212ac1106fdf0039a7ff7174bbf366d7e9129731d717cb5adf5f01791e4860919484c595cfce559e6987d160dddfe0a5e891121f7ab96dead63ab4b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsq545B.tmp\UserInfo.dll
    Filesize

    4KB

    MD5

    7579ade7ae1747a31960a228ce02e666

    SHA1

    8ec8571a296737e819dcf86353a43fcf8ec63351

    SHA256

    564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

    SHA512

    a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

    Download Submit

  • memory/4980-78-0x00000000744C0000-0x00000000744CA000-memory.dmp

    Filesize

    40KB

    Download