Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01-01-2024 03:07

Behavioral task: behavioral1
Sample: 3bba813ba5e9e0e41e16ca35b3f1931c.exe
Resource: win7-20231215-en

General
Target: 3bba813ba5e9e0e41e16ca35b3f1931c.exe
Size: 6.5MB
MD5: 3bba813ba5e9e0e41e16ca35b3f1931c
SHA1: 4f6fb92c527e7fa05a08e20192951ff5edca250d
SHA256: 2716768423878309c0796b0de66fb9ae63d78ef0a043e69d3708832be04b4c26
SHA512: dc8ab81f60387dcdc5d737e57fa1df2615308c3749c8d53199ef6a5e702b2eade0a1513deb63f490bee48970b964d5223b08929f05754450e06074e69ddc14aa
SSDEEP: 196608:78JPmCsXDjDyf6L2WliXYrHW1LShKSapR:sPmCEDVL2ciIrHWRShKp
Malware Config
Signatures

Loads dropped DLL (13 IoCs)
pid   Process
1708  3bba813ba5e9e0e41e16ca35b3f1931c.exe   (13 identical entries)

Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.

Legitimate hosting services abused for malware hosting/C2 (1 TTPs)

Looks up external IP address via web service (2 IoCs)
Uses a legitimate IP lookup service to find the infected system's external IP.
flow  ioc
7     api.ipify.org
8     api.ipify.org

Suspicious use of WriteProcessMemory (2 IoCs)
description                       pid   Process                               procid_target
PID 2732 wrote to memory of 1708  2732  3bba813ba5e9e0e41e16ca35b3f1931c.exe  89
PID 2732 wrote to memory of 1708  2732  3bba813ba5e9e0e41e16ca35b3f1931c.exe  89
Processes

1. C:\Users\Admin\AppData\Local\Temp\3bba813ba5e9e0e41e16ca35b3f1931c.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\3bba813ba5e9e0e41e16ca35b3f1931c.exe"
   PID: 2732
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\3bba813ba5e9e0e41e16ca35b3f1931c.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\3bba813ba5e9e0e41e16ca35b3f1931c.exe"
      PID: 1708
      - Loads dropped DLL
Network
MITRE ATT&CK Enterprise v15
Downloads