Analysis
-
max time kernel
140s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
31/12/2023, 02:46
General
-
Target
2508346692a6937081e9617bd7692f1a.exe
-
Size
393KB
-
MD5
2508346692a6937081e9617bd7692f1a
-
SHA1
be8fc9331ccbaa1927929c22f9900676dad08dca
-
SHA256
9f0e200941f123f04219db76b387bfe74ac730842648ddcc8397077e0538bcac
-
SHA512
0d6e06ee74e8b2f3e1006f33c0caacbdf2098570f2efaa55b5b870fbafaa3581d899174fec2e016f009000735a0deac481b61dc851ecde6a80c10e5085a7a8ab
-
SSDEEP
12288:h3qj/lKiwb+DgCjoSxMmi8F5fdOArZCvgcvqE:h3qjtrbxjoSKmi8F51vdC4K
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 1 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Drops file in Windows directory 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2508346692a6937081e9617bd7692f1a.exe"C:\Users\Admin\AppData\Local\Temp\2508346692a6937081e9617bd7692f1a.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\CTS.exe"C:\Windows\CTS.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\Temp\wEcpLRPVExiXduh.exeC:\Users\Admin\AppData\Local\Temp\wEcpLRPVExiXduh.exe2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB