Overview

overview

7

Static

static

7

1a423760a4...ba.exe

windows7-x64

7

1a423760a4...ba.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 13:38

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    1a423760a4f22b69739afa5be31f5fba.exe

  • Size

    36KB

  • MD5

    1a423760a4f22b69739afa5be31f5fba

  • SHA1

    5b19bcdae6589e08fe5cca56fe5a392717b7f92b

  • SHA256

    0d05b8d0b82db8b0e41e0079945c9a9b7c8b353b7159f4760b3962375b06decb

  • SHA512

    630c527388e9740274b36375e307ee8724089210d2171ffc3e3d92f12467a943da37039bd68f58003bc7e05eb6a1a5cc088d6f0cd77efc1a028461547b8ce412

  • SSDEEP

    768:X8Q2ZDX3LKew369lp2z3Sd4baFXLjwP/Tgj93b8NIom46+Iy:s9Z3KcR4mjD9r8226+R

Score
7/10
persistencespywarestealerupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1a423760a4f22b69739afa5be31f5fba.exe
    "C:\Users\Admin\AppData\Local\Temp\1a423760a4f22b69739afa5be31f5fba.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2008
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:1748

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
          Filesize

          358KB

          MD5

          6158d292e5800d73b06e1bf4496199d0

          SHA1

          25fcc48c480d4037b0aee6aa4f85bb61149ace77

          SHA256

          d186a893be7b8c952f217caede03f0500a35053cdbc15073e799517a264807d6

          SHA512

          242a824d9390cd6dc8d31b225cfc31def0016e36405ccfdbbdf306f23cf6622c1bcc1c261c272513631c01014206e224ac2cdcfeb7d4a9036c87cf50c06ccc91

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\4FywGKsvFacCuL8.exe
          Filesize

          36KB

          MD5

          c17d01a462f563b8ad716c322488c1d3

          SHA1

          fd864bfb9facc854936833264cdb357b1a19218c

          SHA256

          498f988aa202430ce880d2c821dcf649849737214c94a7e98308b6a632e00e11

          SHA512

          4961108dac3750be89924333c6c40af881cecb71802f8f3ed9ed1654820f347f79b9d940e5f808b527892ddb30c8db12cee4d075c208ab77425349a22df4a9b4

          Download Submit

        • C:\Windows\CTS.exe
          Filesize

          35KB

          MD5

          93e5f18caebd8d4a2c893e40e5f38232

          SHA1

          fd55c4e6bcd108bce60ea719c06dc9c4d0adafa6

          SHA256

          a66c4b98becac2f69cb107cd087d7a2ca9ef511bc3b83367b1f440f11dd159a8

          SHA512

          986583610d27caae2080834301d072557c5d2c85e33f0d19ab1245d7eae8db146397461572ddb3d491be16f3af210720d54267dac838fdad8fe34afa3d6b7f54

          Download Submit

        • memory/1748-9-0x0000000000620000-0x0000000000637000-memory.dmp

          Filesize

          92KB

          Download

        • memory/2008-0-0x0000000000CC0000-0x0000000000CD7000-memory.dmp

          Filesize

          92KB

          Download

        • memory/2008-7-0x0000000000CC0000-0x0000000000CD7000-memory.dmp

          Filesize

          92KB

          Download