Analysis
-
max time kernel
140s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
10/01/2024, 20:57
General
-
Target
5199b147565b382d68e63f7d1d30926a.exe
-
Size
97KB
-
MD5
5199b147565b382d68e63f7d1d30926a
-
SHA1
ecfeeb0b7620cd0e48ede66e832373336d108790
-
SHA256
477a255eb42308eeb8e4ac06e706a9781c1298517f012858fe210d8cf50f56f7
-
SHA512
7830a820ba1fc37a6ec6fa94ab7ac99eab425266ef49977f8e3530cbb635a6047bf0fe981685d5e530539f278afcdc5c844c32763d6145877e3ed3b7dc15ce60
-
SSDEEP
3072:SKcWmjRrz3JeqNmuLwpnPiPDjxB2+aFj1EoMI:hGUqNmJZPIj768I
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Drops file in Windows directory 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5199b147565b382d68e63f7d1d30926a.exe"C:\Users\Admin\AppData\Local\Temp\5199b147565b382d68e63f7d1d30926a.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\CTS.exe"C:\Windows\CTS.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\Temp\NApHQcVfEqDb0yz.exeC:\Users\Admin\AppData\Local\Temp\NApHQcVfEqDb0yz.exe2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB