ee65e9d7a7bc9d17e894e0b775fc0bbfb35e72c65c3d768e34bfe059d521cc16

Resubmissions

21-01-2024 14:52

240121-r8syqaeac7 10

21-01-2024 14:51

240121-r8k8waeac5 10

01-01-2024 13:55

240101-q776kscacp 10

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01-01-2024 13:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63fb410fc5267c61c5099927af714a8f5f4ba6dcdeeb1f297b022879767c7222.exe
Size

924KB
MD5

ec9c3efe831aaa203058927df7de6138
SHA1

b77581e047551a70aaba0db7a57349136bd9e411
SHA256

63fb410fc5267c61c5099927af714a8f5f4ba6dcdeeb1f297b022879767c7222
SHA512

0d5aedcebaa660f345c549b9ae07b4d18fc01b563907b378c1cd905029bb0c6f6849e0f03c7c4a724c3448eb9c693138265a0b0129a298af3aada9bb0f447d6a
SSDEEP

12288:tZqu3sRwqpxGCMF3dera2ybCPWy5SqZWj+6GJZy82VS1ToBgdoByOHGae0r2ivr:B3yEoro2PEpUA

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

63fb410fc5267c61c5099927af714a8f5f4ba6dcdeeb1f297b022879767c7222.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Audio Driver HD = "C:\\Users\\Admin\\AppData\\Local\\Temp\\63fb410fc5267c61c5099927af714a8f5f4ba6dcdeeb1f297b022879767c7222.exe"	63fb410fc5267c61c5099927af714a8f5f4ba6dcdeeb1f297b022879767c7222.exe

Suspicious behavior: RenamesItself 1 IoCs

Processes:

63fb410fc5267c61c5099927af714a8f5f4ba6dcdeeb1f297b022879767c7222.exe

pid process

2212 63fb410fc5267c61c5099927af714a8f5f4ba6dcdeeb1f297b022879767c7222.exe

pid	process
2212	63fb410fc5267c61c5099927af714a8f5f4ba6dcdeeb1f297b022879767c7222.exe

C:\Users\Admin\AppData\Local\Temp\63fb410fc5267c61c5099927af714a8f5f4ba6dcdeeb1f297b022879767c7222.exe
"C:\Users\Admin\AppData\Local\Temp\63fb410fc5267c61c5099927af714a8f5f4ba6dcdeeb1f297b022879767c7222.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: RenamesItself
PID:2212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\RO160mz.razy1337

Filesize
144B

MD5
894d7c90110361650ea494c5b5d15078

SHA1
dbba07d6f4408a27de7b1e0df9aafd69dec49207

SHA256
41790e53bad55a3d220c1cb77fa4ad0aa85ec2d63dcb19ba20e9063918c524ab

SHA512
f2b4f813e914e2d64fb724fb9c44d37aa6549cc7826cacf0d68fa1538e78e59dfc48dea0c1cf3d214579042da79788a9e5544a6ba53849581115fa02329689ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\c8I2yT8s75.razy1337

Filesize
144B

MD5
24b127504b523fce39c6c3ae9d6e5566

SHA1
fb9dd99e46c2851dfc38eae308fa216abad5c5fe

SHA256
59db62ab08ffead53e0e4981f6aeb17ae779bbdb74dd5d9003e36830f6ac90c4

SHA512
293a911aaab3f710220c1b81be14265747922549ada62f56727bb1b67dc87d9cf49110bd11a4591db70ec604d0aae0a260bbdefdb2410854ac743f814ac3ddaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\lggbEqkFRin.razy1337

Filesize
160B

MD5
b14ec93b903daa876aeecdabfe634b35

SHA1
bf27191422fd5968091931a5c7ad30163799fa7d

SHA256
0f6efadaaabac1584f315d32ae605ccada246166465696c0d5e8057847edb833

SHA512
e41b9e42b05afc2b90d299453035787dc883275b47b340b6e70f2b9ace2e30c0cfb85ec43f70d2c1e0c10032d8f36f8003462fa87a6d57424e781c393bea26e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\0EuDbj85.razy1337

Filesize
8KB

MD5
339a17e871aedd204488159b3d4de3f3

SHA1
36094dd4169afdbd68727c45045a7247a2b918af

SHA256
9463e57c5f0f02ae95e7cfa18cbe93e1dc1083b58a3d4589934776daa86ac5e1

SHA512
79afb6b32e4a738a2b049484d8a98dbd85748153778cd31b5098ff3cd5a61c660fbcea28ce990f30908efbc19730ec39d1bb52c92670ab6b5c282ff44cdf60a2

Download Submit
memory/2212-0-0x0000000000F60000-0x000000000104E000-memory.dmp

Filesize
952KB

Download
memory/2212-1-0x0000000074B10000-0x00000000751FE000-memory.dmp

Filesize
6.9MB

Download
memory/2212-2-0x0000000004870000-0x00000000048CC000-memory.dmp

Filesize
368KB

Download
memory/2212-3-0x0000000004920000-0x0000000004960000-memory.dmp

Filesize
256KB

Download
memory/2212-4-0x0000000004920000-0x0000000004960000-memory.dmp

Filesize
256KB

Download
memory/2212-37-0x0000000074B10000-0x00000000751FE000-memory.dmp

Filesize
6.9MB

Download
memory/2212-43-0x0000000004920000-0x0000000004960000-memory.dmp

Filesize
256KB

Download
memory/2212-48-0x0000000004920000-0x0000000004960000-memory.dmp

Filesize
256KB

Download