Overview

overview

7

Static

static

3

42225c3a51...83.exe

windows7-x64

7

42225c3a51...83.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    151s
  • max time network
    161s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    04/01/2024, 22:57

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    42225c3a51b12d47a4258a08a247a083.exe

  • Size

    870KB

  • MD5

    42225c3a51b12d47a4258a08a247a083

  • SHA1

    9ae960c7c69bad51da4ddbbbbc0c6600b40a0e4f

  • SHA256

    8e73fe7dcd1e6f290f0492a064da433a7401a99be1dd9acb7f6a04dcf34ab7d3

  • SHA512

    87c076ddcb6b17c90edbf16bd294308874c83debee817bfd71e24d10381df768822a71507c2f46cb3c85db3b9bbe7853e7feb525bc2de0ae61a1f37ba9b911bb

  • SSDEEP

    12288:9pkuu4SughmvmaDtCN/LTSAUc24OszNb3MiTdBxFVCQyWxUYA5E:Tkuu4F0mrDC/LTTQv6qiTdBv7dzA

Score
7/10
discoverypersistencespywarestealerupx

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\42225c3a51b12d47a4258a08a247a083.exe
    "C:\Users\Admin\AppData\Local\Temp\42225c3a51b12d47a4258a08a247a083.exe"
    1⤵
    • Adds Run key to start application
    PID:1264

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1264-1-0x0000000000400000-0x000000000060B000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1264-0-0x0000000000940000-0x0000000000941000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1264-3-0x0000000000400000-0x000000000060B000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1264-2-0x00000000003C0000-0x00000000003C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1264-4-0x0000000000400000-0x000000000060B000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1264-5-0x0000000000400000-0x000000000060B000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1264-6-0x0000000000400000-0x000000000060B000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1264-7-0x0000000000940000-0x0000000000941000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1264-8-0x00000000003C0000-0x00000000003C1000-memory.dmp

          Filesize

          4KB

          Download