Overview

overview

7

Static

static

3

c7f577cefa...e1.exe

windows7-x64

5

c7f577cefa...e1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    154s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/12/2023, 04:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c7f577cefa301fea0c4819768680b4750bdc67a55e04a766a6d94a190bb9e9e1.exe

  • Size

    1.4MB

  • MD5

    6b388b92a6129fde94255cfd203da7a3

  • SHA1

    e59b69bfceff5ce28cc6f434f89c735f34c10d82

  • SHA256

    c7f577cefa301fea0c4819768680b4750bdc67a55e04a766a6d94a190bb9e9e1

  • SHA512

    fb5434593ce021dbb800c0fa380297b0da6ceff690590721eb47d5021b08334b20e2ddad244a5e522d9007b1ba6371e6e085719c8046c6ac507b8aa8b8bf305a

  • SSDEEP

    12288:OO9B+VY8quMPLjg4YqLgvB6dMSJ3oecwJE97O8k4QrsdJW3kFk9huIFYPSbwL:OO9BeqtL+SgvqFE1d3ddJW3CAqPSbwL

Score
7/10
spywarestealer

Malware Config

Signatures

  • Executes dropped EXE 7 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in System32 directory 6 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c7f577cefa301fea0c4819768680b4750bdc67a55e04a766a6d94a190bb9e9e1.exe
    "C:\Users\Admin\AppData\Local\Temp\c7f577cefa301fea0c4819768680b4750bdc67a55e04a766a6d94a190bb9e9e1.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1436
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2424
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:4396
  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
    1⤵
    • Executes dropped EXE
    PID:1240
  • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    PID:4828
  • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
    1⤵
    • Executes dropped EXE
    PID:8
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    PID:2948
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:3472
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      PID:1280

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      Filesize

      246KB

      MD5

      3405c37b355a0ba15449c7791dfc784f

      SHA1

      d2aaae1544064ee9424b07e208a8dda21af52d2e

      SHA256

      66c289893da854e8f4bb8483b9ace80123afa049040b49b3df320af50410f807

      SHA512

      bb3d7fcb083e5b6318b9310cc8a45fae5cbf5aaf6aafb5f93e96a002171f69f9efd38ce5b1206fd00f3d58c2bdc0fd77a62997c1ffb27a9cbe3b95057ac6ec8c

      Download Submit

    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      Filesize

      349KB

      MD5

      41596657267252ef7898697a126d7259

      SHA1

      1d98007620a0203537f2b3e401d9d86905e8f7a2

      SHA256

      584ea35bf1cb9172eb3272ec165be3a98fdd8ab967b856d3eba357f68829d3e5

      SHA512

      45711917653061a98427ff0a4e3e7576e53be7551c70121b1750c4a51d728a72fe51ca41dd1604b6575dacd79bad6c4299fa314a03d55add47e215c70e829c90

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
      Filesize

      227KB

      MD5

      06edc091a85d1f0bc8a933da7478346c

      SHA1

      85229bf3cf54a64d1b8d7a14f0ae3cc8d0c0edd8

      SHA256

      d363f2f252c20ff9ead1951523e1edd7a0a2c9ab1cb342d6e88ceb1bb5c55980

      SHA512

      01295e5c9932b40e6f7d6af1de2aaa6fb27ee03891a5fd474ca7e5c8dc06fee5262d102417271fb508c56087ff4d020df776fdab2e4c35ae2bdea0a8f823b121

      Download Submit

    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      Filesize

      483KB

      MD5

      f2c9ea06b69b0e617af5d27badaa478a

      SHA1

      14a5b5760756cc87fb56b393dbd7308bc7adc95c

      SHA256

      9490032011849625adf99bdb5eb57ff1ce247d5e851738ea8b13f0d7041770d7

      SHA512

      44e3a6f1807114f0af10d4d91f3d62d230ce4100b978a558c4b3408dd2722f42923a001c306e1c00dc81f9488e509024fc2ca946de0c3ed53cc1e667b2529a18

      Download Submit

    • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
      Filesize

      1.2MB

      MD5

      8740a21fe36950e3b64219fcdf9b5be1

      SHA1

      aaf639a13824a20e2c00aea438c99957e8cf0f16

      SHA256

      9f895ce4557ad2431c4ee150d603c7f5be3af92289b4d36f4e606e25e2999f6e

      SHA512

      f928177aff1afe741b37ceb72d7af69b72b19e9c8d408a7a54ddcf93b42692da72d6e879afb4201f925d08d26ae65ccca5d857376aa0a690fb8085a6a864b7bb

      Download Submit

    • C:\Windows\System32\FXSSVC.exe
      Filesize

      1.2MB

      MD5

      0d166ac796500824ea7ccd245487fd8b

      SHA1

      15eaefcb400c4bed68e8b4b1d4aa6bd2f8b48b41

      SHA256

      410d977aa7a1d8f444f6b37abb56919084ab63fba84b8ab2816b64af9a274006

      SHA512

      1d79cbac0de8c270cd7f4c51bcf27bd00880bdbefebe63add95e809627790d8998cb5f0d1cbf5808c023279afb35a21610d1d8ec7e66d72dcffff5ffba9a755f

      Download Submit

    • C:\Windows\System32\alg.exe
      Filesize

      926KB

      MD5

      2637876ca415edfdf1d4d834b91b47b2

      SHA1

      3d88f2e9df22e938b7891af61a074f9571da1d9a

      SHA256

      e732b12bfe6063e779990b390d25d9dfc7ce7ce82d3d16e10e1a3fd3500bd090

      SHA512

      b9368e949043d22668cd3245c8404f672217de48ee4b84c734d45cbdbd56105fa7dbd8aae804ab1a948cecaeb1365cbe270e2228f10cc24b1264b946a79b0baa

      Download Submit

    • memory/8-67-0x0000000000900000-0x0000000000960000-memory.dmp

      Filesize

      384KB

      Download

    • memory/8-68-0x0000000140000000-0x000000014017C000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/8-126-0x0000000140000000-0x000000014017C000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/8-74-0x0000000000900000-0x0000000000960000-memory.dmp

      Filesize

      384KB

      Download

    • memory/1240-41-0x0000000140000000-0x000000014022B000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/1240-81-0x0000000140000000-0x000000014022B000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/1240-47-0x00000000001A0000-0x0000000000200000-memory.dmp

      Filesize

      384KB

      Download

    • memory/1240-40-0x00000000001A0000-0x0000000000200000-memory.dmp

      Filesize

      384KB

      Download

    • memory/1280-255-0x0000000140000000-0x0000000140135000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/1436-7-0x00000000023F0000-0x0000000002456000-memory.dmp

      Filesize

      408KB

      Download

    • memory/1436-6-0x00000000023F0000-0x0000000002456000-memory.dmp

      Filesize

      408KB

      Download

    • memory/1436-0-0x0000000000400000-0x0000000000561000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/1436-25-0x0000000000400000-0x0000000000561000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/1436-1-0x00000000023F0000-0x0000000002456000-memory.dmp

      Filesize

      408KB

      Download

    • memory/2424-59-0x0000000140000000-0x0000000140156000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/2424-22-0x0000000000780000-0x00000000007E0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/2424-13-0x0000000140000000-0x0000000140156000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/2424-12-0x0000000000780000-0x00000000007E0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/2948-244-0x00000000006D0000-0x0000000000730000-memory.dmp

      Filesize

      384KB

      Download

    • memory/2948-251-0x00000000006D0000-0x0000000000730000-memory.dmp

      Filesize

      384KB

      Download

    • memory/2948-245-0x0000000140000000-0x0000000140155000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/4396-75-0x0000000140000000-0x0000000140237000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/4396-35-0x0000000000D60000-0x0000000000DC0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4396-36-0x0000000000D60000-0x0000000000DC0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4396-29-0x0000000000D60000-0x0000000000DC0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4396-28-0x0000000140000000-0x0000000140237000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/4828-51-0x0000000001A50000-0x0000000001AB0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4828-64-0x0000000140000000-0x0000000140176000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/4828-62-0x0000000001A50000-0x0000000001AB0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4828-58-0x0000000001A50000-0x0000000001AB0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4828-52-0x0000000140000000-0x0000000140176000-memory.dmp

      Filesize

      1.5MB

      Download