Overview

overview

10

Static

static

3

7158931207...6c.exe

windows7-x64

10

7158931207...6c.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    162s
  • max time network
    191s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 13:13

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7158931207c48d3960d430e032f8a66c.exe

  • Size

    176KB

  • MD5

    7158931207c48d3960d430e032f8a66c

  • SHA1

    17a883ccf958c0685778096c3eeff1786fb47af4

  • SHA256

    e7fc82e4f5b2fe673f4beb2af9877a8bf176f716cd8aadf5df3c90c52261e8cf

  • SHA512

    a20ec89786ec7970195b06706edf96d6523838969c3f82a5d4c1cda16eec6444fa22157a4b3fe1127cfae93ef6039018b5035e585eaa8ecab7f37d64f32426ec

  • SSDEEP

    3072:tbqF8kZqzj2DD3OYBcPyckwCB4fgvTCTCxa+SJA4ChMJFiu:t++djcD35LCT4qGgJF

Score
10/10
persistencespywarestealerupx

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7158931207c48d3960d430e032f8a66c.exe
    "C:\Users\Admin\AppData\Local\Temp\7158931207c48d3960d430e032f8a66c.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Suspicious use of WriteProcessMemory
    PID:2712
    • C:\Users\Admin\AppData\Local\Temp\7158931207c48d3960d430e032f8a66c.exe
      C:\Users\Admin\AppData\Local\Temp\7158931207c48d3960d430e032f8a66c.exe startC:\Users\Admin\AppData\Roaming\Microsoft\conhost.exe%C:\Users\Admin\AppData\Roaming\Microsoft
      2⤵
        PID:1312
      • C:\Users\Admin\AppData\Local\Temp\7158931207c48d3960d430e032f8a66c.exe
        C:\Users\Admin\AppData\Local\Temp\7158931207c48d3960d430e032f8a66c.exe startC:\Users\Admin\AppData\Local\Temp\csrss.exe%C:\Users\Admin\AppData\Local\Temp
        2⤵
          PID:2172

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Roaming\B67A.373
              Filesize

              1KB

              MD5

              a757269a6f387fc39b7ab1a51d5a0938

              SHA1

              f1acec183b5262644510b5ecc655017586e76b08

              SHA256

              139320a64b022105b78eafa8238aa69dc11b7725a41576e7c96e1e88938f44cf

              SHA512

              83b0cd982893c231604300de7f6727dacdb537e796ff32df671c16e23b59dcadb9c3dc0bd67a020fe59ba96c671f1c0b09513786db5372875ee6659d742971b8

              Download Submit

            • C:\Users\Admin\AppData\Roaming\B67A.373
              Filesize

              1KB

              MD5

              a3ed6884dc039bfe042e00f3bc485c66

              SHA1

              6c5b06d83456966c4a2c74b09ecbe09d93896790

              SHA256

              332ca5995608ef534e693c04b2e9161302b7c0e5e03b1454ea72e993d5469e65

              SHA512

              f20eb07854b2d3c949a708ce90759e48fdbe9f9d9296947f36d047569d619c462c92f173bfd30d3d4a537e9a654dbbe258ddfc55e7db24320669282997146cb9

              Download Submit

            • C:\Users\Admin\AppData\Roaming\B67A.373
              Filesize

              600B

              MD5

              40e8c1228958099e7c758eb65627effd

              SHA1

              dbc8e6d1f04fe8c701745b45ec5fa348296db167

              SHA256

              e3f080c4498821722063b9337029636920312733c564076becbe4c7f30853bd7

              SHA512

              6c0b6b2e9dbb46f78c199ce66d5399ddf3a603fc639eb14013b15247a6a4a93c3a714a28db6dbf402da229bf53f2837ed4be2bd8e0b709623b26a1a53f55e500

              Download Submit

            • C:\Users\Admin\AppData\Roaming\B67A.373
              Filesize

              996B

              MD5

              718293163c86206e369d9e05e30e28db

              SHA1

              c0de03710f5e52e5511dbcbb0c15d7736d93584f

              SHA256

              3fad92da9c76337bd6880a07dcebabc8db1a55d6c11f422265fa2a90e502e6f0

              SHA512

              ffc0bb800daeefe45ca6d6c65938ee4a0db1e85e791cb0ab02b3c6f71b30988361b852b390ec8ea91656df56acc46523b8672cfb39bcf8e7acf2137903517420

              Download Submit

            • memory/1312-13-0x0000000000586000-0x000000000059F000-memory.dmp

              Filesize

              100KB

              Download

            • memory/1312-12-0x0000000000400000-0x000000000046E000-memory.dmp

              Filesize

              440KB

              Download

            • memory/2172-80-0x0000000000646000-0x000000000065F000-memory.dmp

              Filesize

              100KB

              Download

            • memory/2172-78-0x0000000000400000-0x000000000046E000-memory.dmp

              Filesize

              440KB

              Download

            • memory/2172-79-0x0000000000400000-0x000000000046E000-memory.dmp

              Filesize

              440KB

              Download

            • memory/2712-1-0x0000000000400000-0x000000000046E000-memory.dmp

              Filesize

              440KB

              Download

            • memory/2712-81-0x0000000000400000-0x000000000046E000-memory.dmp

              Filesize

              440KB

              Download

            • memory/2712-82-0x00000000004F0000-0x00000000005F0000-memory.dmp

              Filesize

              1024KB

              Download

            • memory/2712-14-0x0000000000400000-0x000000000046E000-memory.dmp

              Filesize

              440KB

              Download

            • memory/2712-151-0x0000000000400000-0x000000000046E000-memory.dmp

              Filesize

              440KB

              Download

            • memory/2712-3-0x00000000004F0000-0x00000000005F0000-memory.dmp

              Filesize

              1024KB

              Download

            • memory/2712-191-0x0000000000400000-0x000000000046E000-memory.dmp

              Filesize

              440KB

              Download