Overview

overview

7

Static

static

1

25fcca68e7...90.exe

windows7-x64

7

25fcca68e7...90.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 03:14

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    25fcca68e72c8d22e47ba76730875d90.exe

  • Size

    1.6MB

  • MD5

    25fcca68e72c8d22e47ba76730875d90

  • SHA1

    7da4c9895029c78859a1f4d878e742713205b222

  • SHA256

    5022b6cbbf4763f912a284e43b8fed3045818d53b49bd261870ae0e934c88717

  • SHA512

    ca9c0b8d89e159393ef554aebc9191f666dd4c21b7423aa173480f09e4d9e3c7011e03554af7d35348991c64cd4ba53fa483b114167cc0ace0e8b2f5f6d05595

  • SSDEEP

    49152:0KfmJ9vFnsx/65N0rY3jMVwqZi/Tn/Dr5:0LL9jzMVwrd

Score
7/10
evasionspywarestealertrojan

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\25fcca68e72c8d22e47ba76730875d90.exe
    "C:\Users\Admin\AppData\Local\Temp\25fcca68e72c8d22e47ba76730875d90.exe"
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:840
    • C:\Users\Admin\AppData\Local\Temp\25fcca68e72c8d22e47ba76730875d90.exe
      "C:\Users\Admin\AppData\Local\Temp\25fcca68e72c8d22e47ba76730875d90.exe" /wrapper /dir="C:\Users\Admin\AppData\Local\Temp\pkg_139a19f0"
      2⤵
      • Checks whether UAC is enabled
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      PID:2720
      • C:\Users\Admin\AppData\LocalLow\cookieman.exe
        "C:\Users\Admin\AppData\LocalLow\cookieman.exe" /mode=read installiq.com
        3⤵
        • Executes dropped EXE
        PID:2696

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\cookie.ini
          Filesize

          34B

          MD5

          3f4519b56cb1e006dfe4341e72112913

          SHA1

          0ff5675d359c898b6a6bdc1dff10f71097bc9927

          SHA256

          125adf4924899f2026436c0919853bb78b718c7cb6f2187148b01938b79388a2

          SHA512

          78c0961f0828f32032c643f0e6ab59d1ca8b96bb891a74b0b255e1a1a63a0c581f486e9e16b070399e6365d1fb53464eb2b723932480b41a2df5e9f1eb89ab40

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\cookieman.exe
          Filesize

          45KB

          MD5

          971f823fd8e60e25c16e41a71d58949e

          SHA1

          b89ad8fcb37f9e38c7bc1d3190dab1c01e800502

          SHA256

          60ab827a2b59dd548a989a4b997037acdb72c314051bd5167a1d7fa028c3a98d

          SHA512

          a068d63cd0b12d3a99f82e4bc36d0581155254781de2ac8c8ef02d2d371e0a4e5fa48ec91ca2e40318a178798ff3c1d1269b5cecc749c9ac168afba3293b7665

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\pkg_139a19f0\autorun.txt
          Filesize

          136B

          MD5

          53158654a7c134fbe96a84b2826e3a1b

          SHA1

          dccf14c6fc16ae9cc420367e3a08c5f35732a2ec

          SHA256

          ba9317f30f79a72a5670152a67deac19dd8fc35eb14706ee47b7330215eacf5e

          SHA512

          5a7581b636e1d32ef0c6aee3cae559d23b5a9e6febea4ef8a725de0fd8a988e25f9a12789703fafd614ac0cf81906e97995582b912da8f91af01988f0b1151a7

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\pkg_139a19f0\wrapper.xml
          Filesize

          766B

          MD5

          7df4b6db3fbbd712d68509779b2ed8fb

          SHA1

          45567d458538587b85ac1dc399d66e5a56e77238

          SHA256

          357da15a7e543cf183942d2e0e125d8814dd2bdb225ac5fe7d1fae0601b4473b

          SHA512

          6af8c86f81a07b5b7ea61bd11b64d3af1d92edddf80bd8ff28bd3d299cca86e8fc6007bb1c7be963715b439a16254136cba9aa9afb09ccca05eb111420c64c4f

          Download Submit