Analysis

  • max time kernel
    148s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/01/2024, 03:40

General

  • Target

    4a579b82b404dda9baa4565e6701ee87.exe

  • Size

    717KB

  • MD5

    4a579b82b404dda9baa4565e6701ee87

  • SHA1

    a2d068bd0875baed84153777a0052ddba54bfc17

  • SHA256

    108e077a393f52d496ae83dd05472ff3ccb3d469478309b1d49c70c93e1cf667

  • SHA512

    45e526cb052c7529a8ea8354f841c29383d9971d86c12ae13227a7643a7f5405babc67ae9e3351be7d9179bbc0bfc11f24101804a9494f3db0b97ca688189102

  • SSDEEP

    12288:BKnekrL58xwokOTtwN6jBFyy26caMHC2N8+NALWKrYPTDN89Q4SvrM4ykAznsZHC:OLix4SnFDFcHFNASXbp89QHzM4ZAzuHC

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (1 IoC)
  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software installed on the system.

  • Drops Chrome extension (1 IoC)
  • Installs/modifies Browser Helper Object (2 TTPs, 4 IoCs)

    BHOs are DLL modules that Internet Explorer loads as plugins; they are registered in the registry under the Browser Helper Objects key, which makes them a common persistence and traffic-interception point for adware and spyware.

  • Modifies Internet Explorer settings (1 TTP, 4 IoCs)
  • Modifies registry class (64 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)
  • System policy modification (1 TTP, 1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\4a579b82b404dda9baa4565e6701ee87.exe
    "C:\Users\Admin\AppData\Local\Temp\4a579b82b404dda9baa4565e6701ee87.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4656
    • C:\Users\Admin\AppData\Local\Temp\00294823\T4Xo4.exe
      "C:\Users\Admin\AppData\Local\Temp/00294823/T4Xo4.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops Chrome extension
      • Installs/modifies Browser Helper Object
      • Modifies Internet Explorer settings
      • Modifies registry class
      • System policy modification
      PID:4388
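
    The following is an added example, not part of the sandbox report and not code from the sample: host-side detection logic for several of the behaviours the report attributes to the dropped child process (dropped EXE executed, BHO registration, Internet Explorer settings and policy key writes, browser profile reads), run over a constructed event stream that mirrors the process tree above. The event schema (event, pid, ppid, image, path, key, value, data) is our own simplification, not real Sysmon or ETW output; the registry locations are the documented Windows keys for each behaviour, while the CLSID, the value data and the notepad.exe control process are placeholders. The child's command line deliberately mixes forward and back slashes, as the captured one does, to show why paths must be normalised before matching.

```python
"""
Added example: report-style behaviour signatures over a constructed event log.
Not part of the sandbox report or the analysed sample; schema is simplified.
"""
import json
from collections import defaultdict

# Constructed JSON-lines events. PIDs and the Temp\00294823\T4Xo4.exe drop path
# follow the report; everything else (CLSID, values, notepad.exe) is placeholder.
SAMPLE_EVENTS = r"""
{"event":"process_create","pid":4656,"ppid":1234,"image":"C:\\Users\\Admin\\AppData\\Local\\Temp\\4a579b82b404dda9baa4565e6701ee87.exe"}
{"event":"file_create","pid":4656,"path":"C:\\Users\\Admin\\AppData\\Local\\Temp\\00294823\\T4Xo4.exe"}
{"event":"process_create","pid":4388,"ppid":4656,"image":"C:\\Users\\Admin\\AppData\\Local\\Temp/00294823/T4Xo4.exe"}
{"event":"reg_set","pid":4388,"key":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{00000000-0000-0000-0000-000000000000}","value":"NoExplorer","data":"1"}
{"event":"reg_set","pid":4388,"key":"HKCU\\Software\\Microsoft\\Internet Explorer\\Main","value":"Start Page","data":"http://example.invalid/"}
{"event":"reg_set","pid":4388,"key":"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","value":"NoControlPanel","data":"1"}
{"event":"process_create","pid":5000,"ppid":1234,"image":"C:\\Windows\\System32\\notepad.exe"}
{"event":"reg_set","pid":5000,"key":"HKCU\\Software\\Microsoft\\Notepad","value":"lfFaceName","data":"Consolas"}
"""

# Registry key prefixes (normalised form) and the report signature they map to.
REGISTRY_RULES = [
    ("Installs/modifies Browser Helper Object",
     r"hklm\software\microsoft\windows\currentversion\explorer\browser helper objects"),
    ("Modifies Internet Explorer settings",
     r"hkcu\software\microsoft\internet explorer"),
    ("System policy modification",
     r"hkcu\software\microsoft\windows\currentversion\policies"),
    ("System policy modification",
     r"hklm\software\microsoft\windows\currentversion\policies"),
]


def normalise_key(key):
    """Lower-case, shorten hive names and fold the 32-bit (Wow6432Node) view onto the 64-bit key."""
    k = key.lower().replace("hkey_local_machine", "hklm").replace("hkey_current_user", "hkcu")
    return k.replace("\\wow6432node\\", "\\")


def normalise_path(path):
    """Windows paths are case-insensitive and accept '/' as a separator; compare in one canonical form."""
    return path.replace("/", "\\").lower()


def key_under(key, prefix):
    """True if key is the prefix itself or a subkey of it (no partial-name matches)."""
    return key == prefix or key.startswith(prefix + "\\")


def is_browser_profile_read(path):
    """Chromium (Chrome/Edge) and Firefox profile files that hold credentials, cookies and history."""
    p = normalise_path(path)
    name = p.rsplit("\\", 1)[-1]
    chromium = "\\user data\\" in p and name in {"login data", "cookies", "web data", "history"}
    firefox = "\\mozilla\\firefox\\profiles\\" in p and name in {"logins.json", "cookies.sqlite", "key4.db"}
    return chromium or firefox


def analyse(jsonl):
    """Map each PID to the sorted list of report-style signature names it triggered."""
    dropped = set()                  # normalised paths written by any process so far
    hits = defaultdict(set)
    for line in jsonl.strip().splitlines():
        ev = json.loads(line)
        pid = ev["pid"]
        if ev["event"] == "file_create":
            dropped.add(normalise_path(ev["path"]))
        elif ev["event"] == "process_create":
            # "Executes dropped EXE": the image was written earlier in this same trace.
            if normalise_path(ev["image"]) in dropped:
                hits[pid].add("Executes dropped EXE")
        elif ev["event"] == "file_read":
            if is_browser_profile_read(ev["path"]):
                hits[pid].add("Reads user/profile data of web browsers")
        elif ev["event"] == "reg_set":
            k = normalise_key(ev["key"])
            for name, prefix in REGISTRY_RULES:
                if key_under(k, prefix):
                    hits[pid].add(name)
    return {pid: sorted(names) for pid, names in hits.items()}


if __name__ == "__main__":
    for pid, names in analyse(SAMPLE_EVENTS).items():
        print(f"PID:{pid}")
        for n in names:
            print(f"  - {n}")
```

    Run stand-alone, the script reports PID 4388 with the four signatures the report shows for T4Xo4.exe and nothing for the parent or the control process. The WriteProcessMemory and "Modifies registry class" signatures need API-hooking or very noisy CLSID-key telemetry and are left out here; the Wow6432Node fold matters because a 32-bit installer on a 64-bit host writes the BHO key under the redirected view.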

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\Users\Admin\AppData\Local\Temp\00294823\T4Xo4.exe

          Filesize

          334KB

          MD5

          8300c91b40229b42301aebc6d8859907

          SHA1

          0b55e56a6add6b4dd4ceff475a0018a203d02a5a

          SHA256

          f54a6814ac06c70ef5b738eca4855e49039783d96b70ba1ae461bd90877e53b5

          SHA512

          0863750da143e1707513f4a2efe1ad6cf81f5a819c7d5496d1629745afffcf72338aa9de90479d5e0936e848f9b260c434fd369027c56be175814086cafd4d8f

        • C:\Users\Admin\AppData\Local\Temp\00294823\T4Xo4.exe

          Filesize

          92KB

          MD5

          ac22720c569c5178894c02e3d28582a3

          SHA1

          a946bac539edfea7b6af287e58d8bf111f6d8ce5

          SHA256

          43e80bd841ee840d321fc00aaf05d8b1274d2860aee407d956e3df7ff33a105c

          SHA512

          5f4dca640ee485e5a5ca14222cc46480c1a875a84869996f24d4edad86ff4ade53f53b5399c076680e3b5fc3ef382982750c4b50f0018847c03a5c915853b821