Analysis
-
max time kernel
77s -
max time network
143s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
29/12/2023, 03:00
General
-
Target
ceb68d9f6e90f21f96fc3292651a2977c04b56ef5aaf974499c245505b4e7232.exe
-
Size
1.5MB
-
MD5
87e061c66c3fd8a4b07c75901f3291e6
-
SHA1
659563198849645bbc83348df323251a07ce9547
-
SHA256
ceb68d9f6e90f21f96fc3292651a2977c04b56ef5aaf974499c245505b4e7232
-
SHA512
2277a71651e0745cdb7499bc3204458beff3a52aebb13dd266d60b566565ec945abe2d6c3b32c3be3061e52bbad6592e8f4fc9346892bbf8b5ced0487edbc221
-
SSDEEP
24576:f/CKAB78NDFKYmKOF0zr31JwAlcR3QC0OXxc0H:faKk7gDUYmvFur31yAipQCtXxc0H
Malware Config
Signatures
-
Executes dropped EXE 8 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory 9 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 1 IoCs
-
Modifies data under HKEY_USERS 5 IoCs
-
Suspicious behavior: LoadsDriver 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ceb68d9f6e90f21f96fc3292651a2977c04b56ef5aaf974499c245505b4e7232.exe"C:\Users\Admin\AppData\Local\Temp\ceb68d9f6e90f21f96fc3292651a2977c04b56ef5aaf974499c245505b4e7232.exe"1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\alg.exeC:\Windows\System32\alg.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"1⤵
- Executes dropped EXE
-
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"1⤵
- Executes dropped EXE
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeC:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe1⤵
- Executes dropped EXE
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv1⤵
-
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exeC:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe1⤵
-
C:\Windows\SysWow64\perfhost.exeC:\Windows\SysWow64\perfhost.exe1⤵
-
C:\Windows\system32\spectrum.exeC:\Windows\system32\spectrum.exe1⤵
-
C:\Windows\system32\TieringEngineService.exeC:\Windows\system32\TieringEngineService.exe1⤵
-
C:\Windows\system32\SearchProtocolHost.exe"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"1⤵
-
C:\Windows\system32\SearchFilterHost.exe"C:\Windows\system32\SearchFilterHost.exe" 0 916 920 928 8192 924 9001⤵
-
C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\SearchIndexer.exe /Embedding1⤵
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
-
C:\Windows\system32\wbengine.exe"C:\Windows\system32\wbengine.exe"1⤵
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵
-
C:\Windows\system32\AgentService.exeC:\Windows\system32\AgentService.exe1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc1⤵
-
C:\Windows\System32\OpenSSH\ssh-agent.exeC:\Windows\System32\OpenSSH\ssh-agent.exe1⤵
-
C:\Windows\System32\snmptrap.exeC:\Windows\System32\snmptrap.exe1⤵
-
C:\Windows\System32\SensorDataService.exeC:\Windows\System32\SensorDataService.exe1⤵
-
C:\Windows\system32\locator.exeC:\Windows\system32\locator.exe1⤵
-
C:\Windows\System32\msdtc.exeC:\Windows\System32\msdtc.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\fxssvc.exeC:\Windows\system32\fxssvc.exe1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.6MB
MD56efff302464ebf46654ca41d04e55d45
SHA1a371506cf4d2b0448da6d1fb8835276ce6b19abf
SHA256dd832d281c71501fa4a3f632e3ff2512efa11839419de6686381ab84750a1a65
SHA5125a2b8da55b126ecd2e5a831c516ea1543d024487e49a142b1b97ecead717b738ee7ecda052be1a077b90304a7cad7a2e54b2ef3d7794e06446089db73ae30a09
-
Filesize
92KB
MD5a258b6fd7b21a0ed3a7cbe0cb8df2010
SHA1bb452ce70bff198530b24f2b205cb88a8ebb5551
SHA2568ac18fa327c77b8753368825fd3cbea0940eab01bf39ff1d2a7bb01467b3d898
SHA512e7ff19a8554456ca4df7f2232b0c7881909b813ab90851fd7af4622cf9c8e3ca00b687bab51748701ff9b59c29abdcd47b200e30e3140880cce69c36951cfee9
-
Filesize
382KB
MD5fc94a5eea3b8640564388e6e4cd75e2e
SHA18cdf46ea60404625a5db4774e8cf8aa988f693a3
SHA2566d89a001f6a398df05f76b712e9d17740a50e7ae23afe5303bbb45ecfb445599
SHA5122eac14826d3db7e6a2e629a6f080ceb4040fb8778c1664a27af37203d8e938de0a6ef80f56bab39d13b731397925e613910a0c4822fee6cd8a7cc45e615ee22b
-
Filesize
832KB
MD53269a500d20eb3ed7624b4fb85b1ee23
SHA18b1e608838fe21d2255566027d7bf80c53facc7c
SHA256e8968660bb025ff1a92e41d957c7a63b1077cd8279a020781cf9552c53213eca
SHA512808e17219e77b79ea69d63404556224a18d0c858858667115b5bd8dae0ee5ccd1b2e2ecf870766099b34f68b555dba72e23f982d180ad598965601e18d9d1c2c
-
Filesize
1.2MB
MD5a2c3dfe3167cdf32ac6fef5b31cde441
SHA19badb525fc2c5b7180a79c9e930fc2d11dabc4d0
SHA25676d33d82f99d12c3f85702482954b98df74a4055252a003d25dc94a75321428b
SHA5121fbe731ee1c95b1ef2c28cfc00bc8dea8ea3e4115221225d28ed95e8811e1acbc5b051a8f7746ebd114ec2c65ffb338b924eaabd9f45762f3fcaa6062e147ee0
-
Filesize
673KB
MD55ef12a1e01df822e8330073ee625353d
SHA103af16efbc3b3a689d3bda0e8eb202bcd3c74b93
SHA256b50ab3a1fed8922de3f15fbfe3e4c1bb00c63aaad70803f0bdf657f4a6698142
SHA51299d9c207579aa75db3fd1dffa4460131526c0ccc546b6a809f7dee05e3bddd565393cd637f5489ae540df683d867bdb7e1a491aec05208df6731d42b0e50d4f5
-
Filesize
1.5MB
MD5928249d4796ac1a083d57e01bab429cf
SHA15dd94e888714513fe134d72cd03bad0da796666d
SHA256e0aa934e7ce8786b9e054a5a92a48464fe9c3c284469bc251601a1f8e80c7598
SHA51240e7918ce778bcbad0693e25cdebda519b2cc8f0010da8068eefc50a58007c7444a0db4aef956651518abcb0e059ad9d56e0ca8503aa9b611863b2aecf60f908
-
Filesize
2.3MB
-
Filesize
2.3MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
384KB
-
Filesize
2.4MB
-
Filesize
384KB
-
Filesize
2.4MB
-
Filesize
384KB
-
Filesize
412KB
-
Filesize
2.2MB
-
Filesize
2.2MB
-
Filesize
412KB
-
Filesize
384KB
-
Filesize
2.0MB
-
Filesize
1.3MB
-
Filesize
384KB
-
Filesize
1.3MB
-
Filesize
1.8MB
-
Filesize
384KB
-
Filesize
1.8MB
-
Filesize
2.5MB
-
Filesize
2.5MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
384KB
-
Filesize
2.2MB
-
Filesize
384KB
-
Filesize
2.2MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
2.3MB
-
Filesize
2.3MB
-
Filesize
2.3MB
-
Filesize
384KB
-
Filesize
2.3MB
-
Filesize
384KB
-
Filesize
2.2MB
-
Filesize
2.2MB
-
Filesize
384KB
-
Filesize
2.2MB
-
Filesize
2.2MB
-
Filesize
384KB
-
Filesize
2.2MB
-
Filesize
384KB
-
Filesize
2.2MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
2.6MB
-
Filesize
2.6MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
2.4MB
-
Filesize
2.4MB
-
Filesize
384KB
-
Filesize
2.3MB
-
Filesize
412KB
-
Filesize
412KB
-
Filesize
2.3MB
-
Filesize
384KB
-
Filesize
2.2MB
-
Filesize
2.2MB
-
Filesize
384KB
-
Filesize
2.1MB
-
Filesize
384KB
-
Filesize
2.4MB
-
Filesize
1.5MB
-
Filesize
384KB