Overview

overview

10

Static

static

3

37472a1bfa...e4.exe

windows7-x64

10

37472a1bfa...e4.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31-12-2023 13:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    37472a1bfa5be3fac348e24e3d2e92e4.exe

  • Size

    658KB

  • MD5

    37472a1bfa5be3fac348e24e3d2e92e4

  • SHA1

    0f61f0ab618017cd6122948628d2ff36d274ec27

  • SHA256

    18c491931287787e01064c705c8ae6b7befd908f32989155f6d2f1ee660ed2a6

  • SHA512

    18947f98a6019f34c63e5d8b414184c468bc148989e3c633435550a5db2a46d1c6d4b36b15ac67549085ebe0a05f0f28947995dcdeae23c3a980b88dda2779f8

  • SSDEEP

    6144:B9QA4vedjV+gzjCtJO4BlZixpv+B7/Lr4Jb9pNDRzfdP/1qWADh:LQA8YjV+gPuJDZiV+B7DrwlDRxY5D

Score
10/10
matiexkeyloggerstealer

Malware Config

Extracted

Family

matiex

Credentials

Signatures

  • Matiex

    Matiex is a keylogger and infostealer first seen in July 2020.

    stealerkeyloggermatiex
  • Matiex Main payload 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\37472a1bfa5be3fac348e24e3d2e92e4.exe
    "C:\Users\Admin\AppData\Local\Temp\37472a1bfa5be3fac348e24e3d2e92e4.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2724
    • C:\Windows\SysWOW64\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\sVzAYXoSuQ" /XML "C:\Users\Admin\AppData\Local\Temp\tmp8F64.tmp"
      2⤵
      • Creates scheduled task(s)
      PID:1644
    • C:\Users\Admin\AppData\Local\Temp\37472a1bfa5be3fac348e24e3d2e92e4.exe
      "C:\Users\Admin\AppData\Local\Temp\37472a1bfa5be3fac348e24e3d2e92e4.exe"
      2⤵
        PID:2824

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2724-0-0x0000000074CE0000-0x00000000753CE000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2724-1-0x0000000001160000-0x000000000120A000-memory.dmp

      Filesize

      680KB

      Download

    • memory/2724-2-0x0000000000800000-0x0000000000840000-memory.dmp

      Filesize

      256KB

      Download

    • memory/2724-3-0x0000000000470000-0x000000000048C000-memory.dmp

      Filesize

      112KB

      Download

    • memory/2724-4-0x0000000074CE0000-0x00000000753CE000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2724-5-0x0000000000800000-0x0000000000840000-memory.dmp

      Filesize

      256KB

      Download

    • memory/2724-6-0x0000000005D90000-0x0000000005DEE000-memory.dmp

      Filesize

      376KB

      Download

    • memory/2724-7-0x0000000005EF0000-0x0000000005F68000-memory.dmp

      Filesize

      480KB

      Download

    • memory/2824-13-0x0000000000400000-0x0000000000472000-memory.dmp

      Filesize

      456KB

      Download

    • memory/2824-14-0x0000000000400000-0x0000000000472000-memory.dmp

      Filesize

      456KB

      Download

    • memory/2824-17-0x0000000000400000-0x0000000000472000-memory.dmp

      Filesize

      456KB

      Download

    • memory/2824-15-0x0000000000400000-0x0000000000472000-memory.dmp

      Filesize

      456KB

      Download