Overview

overview

7

Static

static

7

a4bac2e362...88.exe

windows7-x64

7

a4bac2e362...88.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    115s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    08/01/2024, 20:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a4bac2e362f95cf68856aaa1a3abb488.exe

  • Size

    113KB

  • MD5

    a4bac2e362f95cf68856aaa1a3abb488

  • SHA1

    c4c768cab5225887aa0f6a39f059cfc66f7dc505

  • SHA256

    80df5b46588be40b928b6f0ec9aec01cea118ff31e78d119600451324d759eb9

  • SHA512

    183e1f58725cee0d608be7b713b9a27dfefff4da0810f0c89f558ae40a1a141083010777c29291bdce45aee6cd1c437c2b7c971db37af23850aaa1863813ee15

  • SSDEEP

    3072:aDOkexJLFdrPZ1Tj4mYWR/R4nkPR/1aVuyJMO7Oih7vC:aDOxZXPIo5R4nM/40yJMO7vh7a

Score
7/10
persistencespywarestealerupx

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 17 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 10 IoCs
  • Drops file in Program Files directory 15 IoCs
  • Drops file in Windows directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a4bac2e362f95cf68856aaa1a3abb488.exe
    "C:\Users\Admin\AppData\Local\Temp\a4bac2e362f95cf68856aaa1a3abb488.exe"
    1⤵
    • Adds Run key to start application
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:880
    • C:\Users\Admin\AppData\Local\Temp\a4bac2e362f95cf68856aaa1a3abb488.exe
      "C:\Users\Admin\AppData\Local\Temp\a4bac2e362f95cf68856aaa1a3abb488.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2960
      • C:\Users\Admin\AppData\Local\Temp\a4bac2e362f95cf68856aaa1a3abb488.exe
        "C:\Users\Admin\AppData\Local\Temp\a4bac2e362f95cf68856aaa1a3abb488.exe"
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:1900

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Windows Sidebar\Shared Gadgets\brasilian action blowjob girls cock .zip.exe
    Filesize

    244KB

    MD5

    3ac91f7c304e34e0590543e14283e161

    SHA1

    85e7d03ba28a9f760284e0f56c4cc07dc2c93572

    SHA256

    94b5beb32b52290e888f468ca50a11a4c154ca2bc71f1b93e10134003c21e930

    SHA512

    102bdefea5b875fc56f60f28f83d030a6f13fe6a7997ebf7edd48fa32bb71cf23aa23c40fdc8a6a601b8d6a1f0086c78bdb0da1f2123981ce7eb95867de81ea9

    Download Submit

  • memory/880-131-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/880-117-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/880-89-0x0000000005190000-0x00000000051AB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/880-114-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/880-143-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/880-104-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/880-107-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/880-110-0x0000000005190000-0x00000000051AB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/880-140-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/880-111-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/880-137-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/880-122-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/880-125-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/880-128-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/880-0-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/880-134-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1900-92-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2960-90-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2960-91-0x00000000044D0000-0x00000000044EB000-memory.dmp

    Filesize

    108KB

    Download