535bbce60ff5e2f3870f64ee62e654fbbce2c8f7cda45d701c98a4b773d72790

Analysis

max time kernel
167s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 02:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0c02c89e381761b0a5533333fb9c926e.exe
Size

1.1MB
MD5

0c02c89e381761b0a5533333fb9c926e
SHA1

a1e452034e40efc0bad6e1ea2a4f4e1c7142ad2a
SHA256

535bbce60ff5e2f3870f64ee62e654fbbce2c8f7cda45d701c98a4b773d72790
SHA512

bdb5afa734ad5f49041106de4726409fbb405116e0610f78ef3ddb52e6970d25217d08977e78511d678f65ea7596413e426bab9ff6c59521faadf54d1032d3ce
SSDEEP

24576:mI0lusKkyGo7m6c7Ge7ZPxO0bHABH4az9LRsxdattQechIIwJpEI1:wX87an7ZPxO0bHABYaz9LRsitQeC7wb

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\PROGRA~2\is240722906.log	0c02c89e381761b0a5533333fb9c926e.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2044	0c02c89e381761b0a5533333fb9c926e.exe
2044	0c02c89e381761b0a5533333fb9c926e.exe
2044	0c02c89e381761b0a5533333fb9c926e.exe
2044	0c02c89e381761b0a5533333fb9c926e.exe
3316	0c02c89e381761b0a5533333fb9c926e.exe
3316	0c02c89e381761b0a5533333fb9c926e.exe
3316	0c02c89e381761b0a5533333fb9c926e.exe
3316	0c02c89e381761b0a5533333fb9c926e.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2044	0c02c89e381761b0a5533333fb9c926e.exe
2044	0c02c89e381761b0a5533333fb9c926e.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 3316	2044	0c02c89e381761b0a5533333fb9c926e.exe	95
PID 2044 wrote to memory of 3316	2044	0c02c89e381761b0a5533333fb9c926e.exe	95
PID 2044 wrote to memory of 3316	2044	0c02c89e381761b0a5533333fb9c926e.exe	95

C:\Users\Admin\AppData\Local\Temp\0c02c89e381761b0a5533333fb9c926e.exe
"C:\Users\Admin\AppData\Local\Temp\0c02c89e381761b0a5533333fb9c926e.exe"
1⤵
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Users\Admin\AppData\Local\Temp\0c02c89e381761b0a5533333fb9c926e.exe
  "C:\Users\Admin\AppData\Local\Temp\0c02c89e381761b0a5533333fb9c926e.exe" /_ShowProgress
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ish240672265\bootstrap_32846.html

Filesize
156B

MD5
1ea9e5b417811379e874ad4870d5c51a

SHA1
a4bd01f828454f3619a815dbe5423b181ec4051c

SHA256
f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

SHA512
965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240672265\css\buttons.css

Filesize
1KB

MD5
63e5607b6ca179f4022438b4c1ebb8cd

SHA1
3a51b4c95b4210058242ec0f3025cc28cec16cf6

SHA256
86c77fbf9666fae956c11a2711fe2596a03443aeb935bdc430509741cf43e530

SHA512
47d51c36a0482c0359282a9c42c3f3380fbcdbd4ce904b0bd3edcd43cbcbf4e694e6ae4ed513f4aabb4d21063bb7e54fbc1953874bd18cde2aec5477f80da502

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240672265\css\main.css

Filesize
3KB

MD5
98f9b28b30fbfa06b35e880caec410f5

SHA1
b9c5ebca5f9b4fd1a02b40be1d89561b0bda1c76

SHA256
0aa4af275722cf97ac03536dd5296c0999e34d31ba82a5bf8c4fe5aec57a8f02

SHA512
039c38574348b914a18918a445a0be8c03d7f1d02fa23a12d04c735e1694d46ccadf955d07f82fece33ec744aad464e9ca448c363c454d929e263458b135482a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240672265\css\sdk-ui\progress-bar.css

Filesize
458B

MD5
f047788b88f4dace0e828635437e565f

SHA1
159d7a6b7563e4e4756796a83a4c019b3862d86d

SHA256
2264c4f20115e93ea2d609e7bc088cb82f0947bc41e65c6cf546e2cabf5f48d7

SHA512
a61be4cbeb5ce48263b60d75a07c4614973203b76918d0489f31dd147c8b1a57340189f12a92b98b2ab7365849b12d31f694a6931c90b55b8a336a5990a34790

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240672265\images\back.png

Filesize
991B

MD5
8a99e16e48ab5bfd0084ccd49281b036

SHA1
ab40545bb33ab2bad0891d3b71c3f618a916cb1d

SHA256
e44a2c233a1b29a6cb3bdd5955dece4ddd1e7497d3529bb55add8da124ad3fef

SHA512
f8b5fd65300cfd1f7554e381d0a3313ce8611aa092b44322c1b59ebc145e915707825f0fcf8e2e979ef6464df713db4d3897f4624f5ab9d777d4f8c4c5ef95cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240672265\images\bg.png

Filesize
63KB

MD5
674ebeb11c056b0cdf01802020b8b41a

SHA1
16fba8a46be739be737fcce768021a83142dc7eb

SHA256
b2f6875b12c8d4d583f93380c34babc18bb027cb15ed4e8a39bfbb5d9848f0b7

SHA512
71a826aca996b7db61a23e3011d4b3d9e61469f82620e6c0b08b1c85492d81da0d151d4c9aac6b3c168b53f0e4314bc2af6d5949c1e579f062f2697ae86be40b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240672265\images\close.png

Filesize
1KB

MD5
60e7a3f760637dd125a1150474e7f6bb

SHA1
46e4b53480dd7b3db532e3511a7ad3b9e99b2f48

SHA256
d244e6d623fb3706340ead5491bb61663e5d53a3f7d96d4b613175c875c42184

SHA512
d279b197d330c4fe7de5e891b45e60273b603d58c84a502461ba2edf008ed51e6bcfd8768a74ee95bc9558bcbe8294f9f759c188327f7c54b1483d1072b32268

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240672265\images\icon.png

Filesize
5KB

MD5
45d8e7f1e721db59eca3dc36e932bf8b

SHA1
974fbb730c8c1ae66c6187f99d887f44d8a77a56

SHA256
f8cfaea0b23c976a4e7a67ffe79dd82210c5fea7d6eba2383a3cc33f8802ae05

SHA512
85b671dc81758977e5f807af91333573e1733ce8ca6721100dbe8538a481d8811d6d36754517948ff6a5ad984bb5ed0724790f43ba30dafdafb8c94735e249bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240672265\images\next.png

Filesize
1KB

MD5
a4987c1267f6e8361800aa3d2dc840a2

SHA1
6d428d5e9333f78ffb65f8ac3aab06c8915078a3

SHA256
1b7fffc6ecbde629472f7e1b534243f7f7da06a6f2fed082cf1c62b6b002e9d5

SHA512
5fc4a1619851dddb8e689cbb342570f3004a7e4c030c593ac361b55584cda6178b3ce6a4baeed810467e569c07587affde5180420d793eb380782f440b23660a

Download Submit
memory/2044-101-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/2044-0-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/2044-89-0x0000000000630000-0x0000000000631000-memory.dmp

Filesize
4KB

Download
memory/2044-142-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/2044-81-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/2044-109-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/2044-111-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/2044-127-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/2044-141-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/2044-140-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/2044-139-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/2044-1-0x0000000000630000-0x0000000000631000-memory.dmp

Filesize
4KB

Download
memory/2044-87-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/2044-138-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/3316-91-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/3316-84-0x0000000000610000-0x0000000000611000-memory.dmp

Filesize
4KB

Download
memory/3316-94-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/3316-83-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download