Overview

overview

10

Static

static

10

samples (2) (2).zip

windows7-x64

1

samples (2) (2).zip

windows10-2004-x64

1

083e147374...08.exe

windows7-x64

8

083e147374...08.exe

windows10-2004-x64

8

12437a49d2...3d.exe

windows7-x64

7

12437a49d2...3d.exe

windows10-2004-x64

7

1945c44901...7e.exe

windows7-x64

9

1945c44901...7e.exe

windows10-2004-x64

10

2040fa2a3c...d4.exe

windows7-x64

1

2040fa2a3c...d4.exe

windows10-2004-x64

1

2b5109e9a2...d9.exe

windows7-x64

10

2b5109e9a2...d9.exe

windows10-2004-x64

10

3538750cfe...5f.exe

windows7-x64

10

3538750cfe...5f.exe

windows10-2004-x64

10

5d96952d47...5f.exe

windows7-x64

10

5d96952d47...5f.exe

windows10-2004-x64

10

63fb410fc5...22.exe

windows7-x64

7

63fb410fc5...22.exe

windows10-2004-x64

7

67beeb7a19...08.exe

windows7-x64

3

67beeb7a19...08.exe

windows10-2004-x64

1

6e5678ebd4...71.exe

windows7-x64

3

6e5678ebd4...71.exe

windows10-2004-x64

3

71506a3322...fb.exe

windows7-x64

10

71506a3322...fb.exe

windows10-2004-x64

10

734b9974ec...6d.exe

windows7-x64

10

734b9974ec...6d.exe

windows10-2004-x64

10

81a27b3dcf...40.exe

windows7-x64

9

81a27b3dcf...40.exe

windows10-2004-x64

10

a1bd0fa8ad...46.exe

windows7-x64

10

a1bd0fa8ad...46.exe

windows10-2004-x64

10

a465bc0871...e3.exe

windows7-x64

6

a465bc0871...e3.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-01-2024 15:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    63fb410fc5267c61c5099927af714a8f5f4ba6dcdeeb1f297b022879767c7222.exe

  • Size

    924KB

  • MD5

    ec9c3efe831aaa203058927df7de6138

  • SHA1

    b77581e047551a70aaba0db7a57349136bd9e411

  • SHA256

    63fb410fc5267c61c5099927af714a8f5f4ba6dcdeeb1f297b022879767c7222

  • SHA512

    0d5aedcebaa660f345c549b9ae07b4d18fc01b563907b378c1cd905029bb0c6f6849e0f03c7c4a724c3448eb9c693138265a0b0129a298af3aada9bb0f447d6a

  • SSDEEP

    12288:tZqu3sRwqpxGCMF3dera2ybCPWy5SqZWj+6GJZy82VS1ToBgdoByOHGae0r2ivr:B3yEoro2PEpUA

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious behavior: RenamesItself 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\63fb410fc5267c61c5099927af714a8f5f4ba6dcdeeb1f297b022879767c7222.exe
    "C:\Users\Admin\AppData\Local\Temp\63fb410fc5267c61c5099927af714a8f5f4ba6dcdeeb1f297b022879767c7222.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: RenamesItself
    PID:2312

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\3LIgdkRw6W8.razy1337
    Filesize

    144B

    MD5

    4bad3c0ec7174eaa3eae636234a84200

    SHA1

    228eb0a370d3373c66682597c0e80a0126156e0b

    SHA256

    86103cf490a3409316407a52d21b55e812eb92bdf355e2e3392c8c7d7f57b3c5

    SHA512

    e5fcbaef01f7ac57e41da84f547e46215127ba140bcedbd58d2ea7c90e2d4d9b8aeebb676517a3e4eefd7de170ca66b36982cfbba51f992c5739e62598d88869

    Download Submit
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\R2ReZwJm.razy1337
    Filesize

    144B

    MD5

    477ed9e10e16d5bc0256f326c8ca852f

    SHA1

    798ba97994434fc461f60b3ccd1d5d9ce44fc648

    SHA256

    aa147e2324fce6c8a32ca9e0bd7edd3dddbc413fff2d836c6e3fa7288ebeb115

    SHA512

    10cd28e91f3e7571da5981a6294a4a99e1d832a5bae1d081492552ce072c65afe59fda72b0944b7f59709f4c96f5dca5aa970c9801a2249ba703e74797f588d0

    Download Submit
  • memory/2312-3-0x00000000099C0000-0x0000000009A5C000-memory.dmp
    Filesize

    624KB

    Download
  • memory/2312-4-0x0000000005270000-0x0000000005280000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2312-5-0x000000000A010000-0x000000000A5B4000-memory.dmp
    Filesize

    5.6MB

    Download
  • memory/2312-6-0x0000000005440000-0x00000000054D2000-memory.dmp
    Filesize

    584KB

    Download
  • memory/2312-1-0x00000000751C0000-0x0000000075970000-memory.dmp
    Filesize

    7.7MB

    Download
  • memory/2312-8-0x0000000005630000-0x0000000005686000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2312-7-0x0000000005400000-0x000000000540A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/2312-9-0x0000000005270000-0x0000000005280000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2312-47-0x00000000751C0000-0x0000000075970000-memory.dmp
    Filesize

    7.7MB

    Download
  • memory/2312-52-0x0000000005270000-0x0000000005280000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2312-58-0x0000000005270000-0x0000000005280000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2312-2-0x00000000051E0000-0x000000000523C000-memory.dmp
    Filesize

    368KB

    Download
  • memory/2312-0-0x00000000007D0000-0x00000000008BE000-memory.dmp
    Filesize

    952KB

    Download