Overview

overview

7

Static

static

7

2288111c76...3f.exe

windows7-x64

7

2288111c76...3f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 01:04

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2288111c7664d929d4d2c9a79cd21e3f.exe

  • Size

    59KB

  • MD5

    2288111c7664d929d4d2c9a79cd21e3f

  • SHA1

    cef5a33244de5aa445cddc98656a5e0d78755b99

  • SHA256

    e5b3730a914f3dca7787bacc4acda251dc9cadb555d0b0ab606c93c91b865a9d

  • SHA512

    26fbeded481d7f9ac0b94b261e7e8066ed3538addff62f8c3b1ac9b0925cffe62db486f4de00a267e82f7e476d0a2f66e9b9adc1141b6d524de2113e6f6a83c0

  • SSDEEP

    768:XocAX3LKew369lp2z3Sd4baFXLjwP/Tgj93b8NIocVSEFGocAX3LKew369lp2z3G:SKcR4mjD9r823FHKcR4mjD9r823Fr

Score
7/10
persistencespywarestealerupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2288111c7664d929d4d2c9a79cd21e3f.exe
    "C:\Users\Admin\AppData\Local\Temp\2288111c7664d929d4d2c9a79cd21e3f.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3984
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:5096

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
          Filesize

          382KB

          MD5

          526ce77bd028280d70f2001c896209ea

          SHA1

          39bb38e69f4f10c32f0148a207733cba37629baf

          SHA256

          06e0a0ade0bc0d8c3f40c192dfdd8f808189095558e99b2ba7acad559c61c9c7

          SHA512

          11b81751969a1216973009f183b05a7ff620168175e9cb0f5fa92219567e9e99885080bc832e7da645b710c49491c224f83b0bfb19b7def2a982796e22cd6731

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\io0tKEQIOI4pDCl.exe
          Filesize

          59KB

          MD5

          63e0aef769f86dad729df177a9b8ad48

          SHA1

          f99aebfe2ae60d8521a1e3aebe7e9cb905c8f160

          SHA256

          6ccc194ae2bde1c558fd61d628a712acf93ece2a90e8f42a6bf741166b7aa05e

          SHA512

          1b482cd6760bd1be079fa2e60a2293734831cf2413260fcadc72d8484c7c4336609635711c8ccc91f893ac6b1a536d477963a286d8fc0447372e58786c1e20b5

          Download Submit

        • C:\Windows\CTS.exe
          Filesize

          59KB

          MD5

          5efd390d5f95c8191f5ac33c4db4b143

          SHA1

          42d81b118815361daa3007f1a40f1576e9a9e0bc

          SHA256

          6028434636f349d801465f77af3a1e387a9c5032942ca6cadb6506d0800f2a74

          SHA512

          720fbe253483dc034307a57a2860c8629a760f883603198d1213f5290b7f236bf0f5f237728ebed50962be83dc7dc4abe61a1e9a55218778495fc6580eb20b3d

          Download Submit

        • memory/3984-0-0x0000000000160000-0x0000000000177000-memory.dmp

          Filesize

          92KB

          Download

        • memory/3984-7-0x0000000000160000-0x0000000000177000-memory.dmp

          Filesize

          92KB

          Download

        • memory/5096-9-0x00000000005E0000-0x00000000005F7000-memory.dmp

          Filesize

          92KB

          Download