Overview

overview

7

Static

static

3

6f06ffa588...47.exe

windows7-x64

7

6f06ffa588...47.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    156s
  • max time network
    165s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/01/2024, 03:31

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    6f06ffa588a262f29d5294951d46ae039d68d0d01d4cde82132912e8e537c747.exe

  • Size

    1.8MB

  • MD5

    2532418967ffd9713a5b813d159bd3cd

  • SHA1

    417e591b7d239570b0a5cb3ffcef9b1610cb6e26

  • SHA256

    6f06ffa588a262f29d5294951d46ae039d68d0d01d4cde82132912e8e537c747

  • SHA512

    983bb104c33bc34508b8d14b0b45ab97d53f9b340fc107bb921826f79b26f30df94180117d60efa74613bfe70450c9fcf8a97195ac4c0342f5a705b22819dc8a

  • SSDEEP

    49152:ux5SUW/cxUitIGLsF0nb+tJVYleAMz77+WAP/snji6attJM:uvbjVkjjCAzJqEnW6at

Score
7/10
spywarestealer

Malware Config

Signatures

  • Executes dropped EXE 9 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in System32 directory 16 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies data under HKEY_USERS 5 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6f06ffa588a262f29d5294951d46ae039d68d0d01d4cde82132912e8e537c747.exe
    "C:\Users\Admin\AppData\Local\Temp\6f06ffa588a262f29d5294951d46ae039d68d0d01d4cde82132912e8e537c747.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1836
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    PID:4456
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    PID:3488
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:5080
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:4912
    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:4916
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:1608
    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
      1⤵
      • Executes dropped EXE
      PID:1008
    • C:\Windows\System32\msdtc.exe
      C:\Windows\System32\msdtc.exe
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Windows directory
      PID:4432
    • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
      "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
      1⤵
      • Executes dropped EXE
      PID:912
    • C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      1⤵
      • Executes dropped EXE
      PID:3904

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
            Filesize

            1.2MB

            MD5

            bf227df65d0f6ebee683b61e555cddbe

            SHA1

            fdde3ae258781bf8d77a0506caf4e11e1659a9fb

            SHA256

            955ced9aeecc7a0fe487c3f5574cc9c97c0f59222bdf086cdf8dd5f777faabdf

            SHA512

            ff160ab16d54cfe43234b42957902fb04526ebbd505aa8f6717b1fd51b956ca6852ddc07930eae907f351b41be912fc498a777ca0ea7ef836b75721ca031559f

            Download Submit

          • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
            Filesize

            1.7MB

            MD5

            73bf82907a609c37a2d23f543abcf310

            SHA1

            398ecc9b66e69bc99566409984b2db6e80533d49

            SHA256

            66e098a2ffeefe1c9751d53d6a6bd071beec4e82dfc0adc902f7ba6b1c0a9e3b

            SHA512

            bbb1881d9aff00b8b8f0725e093ed75a12d1d604b25df44c0d0ec86f2a1e584826a901da0282cdfe4d3819de8d53b252ff12426cb1318370b04c0af20eca3b7c

            Download Submit

          • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
            Filesize

            192KB

            MD5

            d977f2603b710acde0b79caed3241db9

            SHA1

            b28281303d26d5b0b52a371a2c3d43cef7a7b0af

            SHA256

            f9f463d6c00a8737c8f6ecc1807cfca5149552482c49b825bbeef5f85f430c48

            SHA512

            1c3c7242c826c6dd16fa3fd113b1f909797b1663aaf6d5f42bac53fcfd863bd67757e2c3f4e45f491cc7b86432add847dbd90f006d32d6978924f0004bc404cf

            Download Submit

          • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
            Filesize

            1.7MB

            MD5

            e808e110de89e1c903e566b010090a2b

            SHA1

            3626657be13d4cc694214fb518dd379d94232405

            SHA256

            1414756819603d6c4edffd49d4c1c4ab2a4ae99abdb0c1a11f4d5691865c5bcb

            SHA512

            cb16b53e9c2714033ea56eaa1c3a5390eda705090df0d765a080cebb1665ea659fb7a81b12bbd9dace2630c769483d4e5507aadadff796d3570328440d5f1ab6

            Download Submit

          • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
            Filesize

            2.1MB

            MD5

            42d6311baa451a018ca1d385461db552

            SHA1

            3014c3c7b819a1bcd6a05c0b5151af8012218c1a

            SHA256

            2b1500b2532dc38b663d0050b9ce20af326b171576c714d4eb8cd73709ae74f9

            SHA512

            ab1ebffbb9c688191e8f8e7d55354dd08a19dd9222abcd43d3b40002641084b1699bc3e514781e4331620a97b01447827e59cb42f91a55fe0e815f07cc758194

            Download Submit

          • C:\Windows\SysWow64\perfhost.exe
            Filesize

            1.2MB

            MD5

            f697922f5ff1bba58a194e8f9f2736c0

            SHA1

            0d0434b1b5e08218670c6d0ed1fb96e411b95ece

            SHA256

            3460d924e21a7bd70003357f9f0a0238631f973f0b26b49038c999fb77273443

            SHA512

            4594d8a30fcaa1e481ec14df9877c3fbec0a5102b1b3eb7f8ec95a3d0afe81ff1deeabbff01d7b8739d3dbee2ff74f26e08b938d0ac13f163c957d31eba6e381

            Download Submit

          • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
            Filesize

            1.5MB

            MD5

            0e592b8a8b20fd1f45bcfb051dc57693

            SHA1

            238878f276e35c984475abe86ecc4935f394c10a

            SHA256

            ca4f1d38c6dccfda8c4296c50bb960c40ff5d05444a9173271be6b4be2b6b386

            SHA512

            0cec0a472acd346f8a079007bcedf2017072143fca2e678d235b8e27ada3415f8b9f56e4e64c407d2d4e859038de577c4c2728357c48fe96563b5fc0f89b1fc9

            Download Submit

          • C:\Windows\System32\FXSSVC.exe
            Filesize

            1.2MB

            MD5

            94df27c282f72b5f51d80d564021e040

            SHA1

            0dca33838bdbd444d0f4100f28209094107e50af

            SHA256

            ee4c1235f5df78b506097f19ed0a4f198b42cfaf81140d60db22b4005eab6641

            SHA512

            d5594c7163238724b9261197444826c95a824fea2f2aa0a6e816c8553690ae5a9e5e440d75ffa4a4775da9e0d85ca91fac5c0548fd5d179d82776f1723aa720f

            Download Submit

          • C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
            Filesize

            1.6MB

            MD5

            56bd9e9ef71646f6d41956041d35542a

            SHA1

            ce45fcfcd745371189cf21d13c99f0735556032b

            SHA256

            f4a03671e01e8fa7284a07eed079a03fb4e7729bc9c41132146478f349884685

            SHA512

            d3f75f3f5520afa66ccc3bcd34848012247a5227fb4cf340deeb8b3e33b2eb8a050a7ef2da45e871f9ac2ed889109423858bf5a6d218a112a60697b98b6955ca

            Download Submit

          • C:\Windows\System32\alg.exe
            Filesize

            1.5MB

            MD5

            e4ba65c9835b213772e542f58656b885

            SHA1

            d4e5335c54d4271398ba7c40b17e422e201ae22a

            SHA256

            dcb5c092c99942fa020a5322a89085c1a149ddd2c562b5cf680c533ae62a1285

            SHA512

            69d37281820b27767b80eaea9d42e5f9f1bb0e6cf9f891c15cfb014f8e4a26eb468923a4e6b622e33cd159bc40a6af37f6f118a135bad4f96fab439ba216b8db

            Download Submit

          • C:\Windows\System32\msdtc.exe
            Filesize

            1.6MB

            MD5

            ba1d6749d992d310aa79139b54f14f05

            SHA1

            cb73e681fe3f43bae53aa11e2a81e8f107805d60

            SHA256

            4d8de8495649d3345dbeb1d3fa7125d4b709e860a7d54a2ee761db298a1eecf4

            SHA512

            74a2eee1e49bc182bba32f7bcbe8b76f5988020c93f131d86e82ad3405cd4d0124bcef68e70384eb9c59566573078a4d51d1ef210397ce4364d9c72c613b6e93

            Download Submit

          • C:\Windows\system32\AppVClient.exe
            Filesize

            1024KB

            MD5

            2dc22eb336b2c0f219f68071ea5426a6

            SHA1

            92e9a22ba30a53c92accca1b7d67bd0c0289fbbc

            SHA256

            010a0a8577ebac035287354bc8a99107c5e8e45af25828cc37a3d438502614b4

            SHA512

            faddbe21f5d5c15dbaab195bfd1221c58ca3fd3dab4e9fe20b4d68fe58339cae9a5d5f65ad76a7f4ddcdec29884cd9ec84190314bccb5dd9ac37454b584944bb

            Download Submit

          • C:\Windows\system32\msiexec.exe
            Filesize

            1.5MB

            MD5

            51493c850e73de93320f57a73f131537

            SHA1

            8dda6e787c514a432992ee73e0354cff323525b5

            SHA256

            06e2b7158847cf9fec42f15be0b03c91fb847eac65ea93ca366378afecf8dede

            SHA512

            41b78af8f28a1a2f982b60d0023967c5485994744eb86f94e1d8c642f2cd872647fbf4d985176c8e5957ab31535eb556e28bfdf4cf2103575da429efc67f018e

            Download Submit

          • memory/912-156-0x0000000140000000-0x00000001401B6000-memory.dmp

            Filesize

            1.7MB

            Download

          • memory/912-153-0x00000000008C0000-0x0000000000920000-memory.dmp

            Filesize

            384KB

            Download

          • memory/912-147-0x00000000008C0000-0x0000000000920000-memory.dmp

            Filesize

            384KB

            Download

          • memory/1008-137-0x0000000140000000-0x00000001401B1000-memory.dmp

            Filesize

            1.7MB

            Download

          • memory/1008-136-0x0000000001A80000-0x0000000001AE0000-memory.dmp

            Filesize

            384KB

            Download

          • memory/1008-132-0x0000000001A80000-0x0000000001AE0000-memory.dmp

            Filesize

            384KB

            Download

          • memory/1008-125-0x0000000001A80000-0x0000000001AE0000-memory.dmp

            Filesize

            384KB

            Download

          • memory/1008-126-0x0000000140000000-0x00000001401B1000-memory.dmp

            Filesize

            1.7MB

            Download

          • memory/1608-120-0x00000000001A0000-0x0000000000200000-memory.dmp

            Filesize

            384KB

            Download

          • memory/1608-121-0x00000000001A0000-0x0000000000200000-memory.dmp

            Filesize

            384KB

            Download

          • memory/1608-116-0x0000000140000000-0x000000014022B000-memory.dmp

            Filesize

            2.2MB

            Download

          • memory/1608-257-0x0000000140000000-0x000000014022B000-memory.dmp

            Filesize

            2.2MB

            Download

          • memory/1608-112-0x00000000001A0000-0x0000000000200000-memory.dmp

            Filesize

            384KB

            Download

          • memory/1836-1-0x0000000002480000-0x00000000024E7000-memory.dmp

            Filesize

            412KB

            Download

          • memory/1836-6-0x0000000002480000-0x00000000024E7000-memory.dmp

            Filesize

            412KB

            Download

          • memory/1836-0-0x0000000000400000-0x00000000005D4000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/1836-255-0x0000000000400000-0x00000000005D4000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/1836-113-0x0000000000400000-0x00000000005D4000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/3488-15-0x00000000006C0000-0x0000000000720000-memory.dmp

            Filesize

            384KB

            Download

          • memory/3488-23-0x00000000006C0000-0x0000000000720000-memory.dmp

            Filesize

            384KB

            Download

          • memory/3488-18-0x0000000140000000-0x0000000140190000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/3488-155-0x0000000140000000-0x0000000140190000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/3904-237-0x0000000000BB0000-0x0000000000C10000-memory.dmp

            Filesize

            384KB

            Download

          • memory/3904-160-0x0000000140000000-0x0000000140192000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/3904-185-0x0000000000BB0000-0x0000000000C10000-memory.dmp

            Filesize

            384KB

            Download

          • memory/3904-288-0x0000000140000000-0x0000000140192000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4432-141-0x0000000140000000-0x00000001401A0000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4432-263-0x0000000140000000-0x00000001401A0000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4456-140-0x0000000140000000-0x0000000140191000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4456-11-0x0000000140000000-0x0000000140191000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4912-97-0x0000000140000000-0x0000000140135000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/4912-96-0x0000000140000000-0x0000000140135000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/4916-101-0x0000000140000000-0x0000000140237000-memory.dmp

            Filesize

            2.2MB

            Download

          • memory/4916-100-0x00000000007E0000-0x0000000000840000-memory.dmp

            Filesize

            384KB

            Download

          • memory/4916-108-0x00000000007E0000-0x0000000000840000-memory.dmp

            Filesize

            384KB

            Download

          • memory/4916-238-0x0000000140000000-0x0000000140237000-memory.dmp

            Filesize

            2.2MB

            Download