Overview

overview

7

Static

static

3

09f801b31b...44.exe

windows7-x64

7

09f801b31b...44.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30-12-2023 01:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    09f801b31b0d3ecbdf67113059f8a744.exe

  • Size

    864KB

  • MD5

    09f801b31b0d3ecbdf67113059f8a744

  • SHA1

    a2d48c626a148314ad5f41f71b7b3c3102525e31

  • SHA256

    38dcae9d8e9155cbbafab1804b3daa48b7b381afb41e920a695ba922594dc459

  • SHA512

    d1ef52af54d3f3451170a6dc9fd647369a804f0c25b8e37dfdffecd43b3e847087705cada3a8921e22b4061ffe16f24cfa918b6de68ffeee3485e249fd8ff3cc

  • SSDEEP

    12288:T51+RkZ2TDVADK/nj+qmTIw65lX4JvJ+gTuCX2Cn7aZqoLl+nwvAU+egNaEP9:TqRkoB/nj+qmMwf/VX3GZqoLl+JJeNy

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Program Files directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\09f801b31b0d3ecbdf67113059f8a744.exe
    "C:\Users\Admin\AppData\Local\Temp\09f801b31b0d3ecbdf67113059f8a744.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2200
    • C:\Program Files (x86)\Antivirus2008y\09f801b31b0d3ecbdf67113059f8a744.exe
      "C:\Program Files (x86)\Antivirus2008y\09f801b31b0d3ecbdf67113059f8a744.exe" /d:C:\Users\Admin\AppData\Local\Temp\09f801b31b0d3ecbdf67113059f8a744.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:2700

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Program Files (x86)\Antivirus2008y\09f801b31b0d3ecbdf67113059f8a744.exe
    Filesize

    864KB

    MD5

    09f801b31b0d3ecbdf67113059f8a744

    SHA1

    a2d48c626a148314ad5f41f71b7b3c3102525e31

    SHA256

    38dcae9d8e9155cbbafab1804b3daa48b7b381afb41e920a695ba922594dc459

    SHA512

    d1ef52af54d3f3451170a6dc9fd647369a804f0c25b8e37dfdffecd43b3e847087705cada3a8921e22b4061ffe16f24cfa918b6de68ffeee3485e249fd8ff3cc

    Download Submit

  • memory/2200-12-0x0000000000400000-0x0000000000727000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2200-1-0x0000000000400000-0x0000000000727000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2200-3-0x0000000000400000-0x0000000000727000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2200-2-0x0000000000400000-0x0000000000727000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2200-4-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2200-0-0x0000000000400000-0x0000000000727000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2700-27-0x0000000000400000-0x0000000000727000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2700-31-0x0000000000400000-0x0000000000727000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2700-15-0x0000000000400000-0x0000000000727000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2700-16-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2700-19-0x0000000004170000-0x0000000004180000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2700-23-0x0000000000400000-0x0000000000727000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2700-24-0x0000000000400000-0x0000000000727000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2700-25-0x0000000000400000-0x0000000000727000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2700-26-0x0000000000400000-0x0000000000727000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2700-13-0x0000000000400000-0x0000000000727000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2700-28-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2700-29-0x0000000000400000-0x0000000000727000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2700-30-0x0000000004170000-0x0000000004180000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2700-14-0x0000000000400000-0x0000000000727000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2700-33-0x0000000000400000-0x0000000000727000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2700-34-0x0000000000400000-0x0000000000727000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2700-35-0x0000000000400000-0x0000000000727000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2700-36-0x0000000000400000-0x0000000000727000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2700-37-0x0000000000400000-0x0000000000727000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2700-38-0x0000000000400000-0x0000000000727000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2700-39-0x0000000000400000-0x0000000000727000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2700-40-0x0000000000400000-0x0000000000727000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2700-41-0x0000000000400000-0x0000000000727000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2700-42-0x0000000000400000-0x0000000000727000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2700-43-0x0000000000400000-0x0000000000727000-memory.dmp

    Filesize

    3.2MB

    Download