Analysis

  • max time kernel
    154s
  • max time network
    170s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12-01-2024 06:01

General

  • Target

    55ad5511c274efcd7a9dd6c30099fdcb.exe

  • Size

    7.6MB

  • MD5

    55ad5511c274efcd7a9dd6c30099fdcb

  • SHA1

    5f6dab14077c666d8038d7ec1ecd5d45172408bb

  • SHA256

    bfe6020f35c465bf683a53a3be8e59ea595e6a2a8b5403f4b1787fabeb2b4b56

  • SHA512

    ed011d25d0672b80096d2691bdff4adc41cb19817761fedf277d1f91df7b0aebecfe97c11da52b77bcc36e040c12aff1328db414c4c3577f4a6ab82ff2f26fb9

  • SSDEEP

    196608:tvcG0tb8P1EYNLGwSzqJ4dUEEyFKKYA/YeVI:SG8bg1Ecwn5ElURVI

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (2 IoCs)
  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

  • Drops file in System32 directory (19 IoCs)
  • Drops file in Program Files directory (6 IoCs)
  • Drops file in Windows directory (1 IoC)
  • Modifies data under HKEY_USERS (8 IoCs)
  • Suspicious use of AdjustPrivilegeToken (4 IoCs)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\55ad5511c274efcd7a9dd6c30099fdcb.exe
    "C:\Users\Admin\AppData\Local\Temp\55ad5511c274efcd7a9dd6c30099fdcb.exe"
    tree depth 1
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    PID:4140
  • C:\Windows\servbrow.exe
    "C:\Windows\servbrow.exe" /Service
    tree depth 1
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4564
    • C:\Windows\servbrow.exe
      "C:\Windows\servbrow.exe" /Popup
      tree depth 2 (child of PID 4564)
      • Executes dropped EXE
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Suspicious use of SetWindowsHookEx
      PID:1428

  Note on the tree: the "/Service" instance (PID 4564) is a root of the tree rather than a child of the dropper (PID 4140), and it runs the binary the dropper wrote to C:\Windows. A root-level start with a /Service argument is consistent with the process being launched by the Service Control Manager after the dropper registered it as a service; the report does not record the parent process or the registration, so treat that as inference. PID 4564 then spawns a "/Popup" instance of the same binary, and it is that child which writes into System32 and modifies HKEY_USERS.
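
The behaviours listed above (a Temp-resident binary dropping files into Program Files and C:\Windows, and those drops being executed with /Service and /Popup arguments) can be turned into detection logic over endpoint telemetry. The following is an added example, not part of the sandbox report or of any vendor ruleset: it evaluates three rules over a handful of constructed Sysmon-style events (EventID 1 = ProcessCreate, EventID 11 = FileCreate). The event order and the exact fields are assumptions built from the report's process tree and download list, not a capture from the run.

```python
"""Detection logic for the dropper -> servbrow.exe chain seen in the report.

Added example, not part of the sandbox report. EVENTS below is constructed
from the report's process tree and download list; the order of events and the
field names follow Sysmon conventions but are assumptions, not captured data.
"""
import re

# A dropper running out of %LOCALAPPDATA%\Temp.
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
# Program Files / Program Files (x86) on any drive.
PROGRAM_FILES_RE = re.compile(r"^[A-Z]:\\Program Files( \(x86\))?\\", re.IGNORECASE)
# An .exe directly in C:\Windows\ (not System32/SysWOW64), where servbrow.exe
# was written in the report; legitimate software rarely lives there.
WINDOWS_ROOT_RE = re.compile(r"^[A-Z]:\\Windows\\[^\\]+\.exe$", re.IGNORECASE)
# The two launch modes observed in the report's process tree.
SERVICE_ARGS_RE = re.compile(r"\s/(Service|Popup)\b", re.IGNORECASE)

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\55ad5511c274efcd7a9dd6c30099fdcb.exe"
SERVBROW = r"C:\Windows\servbrow.exe"
WS2HELP = r"C:\Program Files (x86)\Mozilla Maintenance Service\Ws2Help.dll"

# Constructed events (paths and PIDs from the report; ordering assumed).
EVENTS = [
    {"EventID": 11, "ProcessId": "4140", "Image": SAMPLE, "TargetFilename": SERVBROW},
    {"EventID": 11, "ProcessId": "4140", "Image": SAMPLE, "TargetFilename": WS2HELP},
    {"EventID": 1, "ProcessId": "4564", "Image": SERVBROW,
     "CommandLine": r'"C:\Windows\servbrow.exe" /Service'},
    {"EventID": 1, "ProcessId": "1428", "Image": SERVBROW,
     "CommandLine": r'"C:\Windows\servbrow.exe" /Popup'},
    # Benign control event (constructed): must not fire any rule.
    {"EventID": 1, "ProcessId": "2222", "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe"},
]


def analyze(events):
    """Return [(ProcessId, rule_name)] for events matching the report's
    'Executes dropped EXE' and 'Drops file in Program Files directory'
    behaviours plus the servbrow.exe launch pattern.

    'Executes dropped EXE' is stateful: a file is only 'dropped' if an earlier
    FileCreate in the same stream wrote it, so events must be fed in time order.
    """
    dropped = set()   # lower-cased paths written during the stream
    alerts = []
    for ev in events:
        if ev["EventID"] == 11:
            target = ev["TargetFilename"]
            dropped.add(target.lower())
            if (PROGRAM_FILES_RE.match(target)
                    and target.lower().endswith(".dll")
                    and TEMP_RE.search(ev["Image"])):
                alerts.append((ev["ProcessId"], "temp_binary_drops_dll_in_program_files"))
        elif ev["EventID"] == 1:
            image = ev["Image"]
            if image.lower() in dropped:
                alerts.append((ev["ProcessId"], "executes_dropped_exe"))
            if WINDOWS_ROOT_RE.match(image) and SERVICE_ARGS_RE.search(ev["CommandLine"]):
                alerts.append((ev["ProcessId"], "windows_root_exe_service_or_popup_launch"))
    return alerts


if __name__ == "__main__":
    for pid, rule in analyze(EVENTS):
        print(f"PID {pid}: {rule}")
```

The first two rules are generic (any Temp-resident binary planting a DLL under Program Files, any process image that was created earlier in the same stream); only the third is specific to this sample's command lines, so it is the one most likely to need retuning if the binary is rebuilt under a different name.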

Network

MITRE ATT&CK Enterprise v15

Downloads

Note: C:\Windows\servbrow.exe is listed three times with different sizes and digests (2.7MB, 2.6MB, 4.9MB), so the file was rewritten with new content during the run; an IOC list should carry all three digests rather than only the last one. Ws2Help.dll has the same reported size as the submitted sample (7.6MB) but a different hash, and is written next to the Mozilla Maintenance Service executable under Program Files (x86); since ws2help.dll is also the name of a Windows system DLL, that placement is consistent with DLL search-order hijacking, but the report does not record the DLL being loaded, so treat it as a lead rather than a finding.

  • C:\Program Files (x86)\Mozilla Maintenance Service\Ws2Help.dll

    Filesize

    7.6MB

    MD5

    28491017ac36f17509a2a209da99efda

    SHA1

    12c9a27204b91d7abe290651d8412b3ce9959f29

    SHA256

    3a534fffab40ac4d00303b1ba65a5aa6cbb4b5f8b2321a49d4b36ee25e39ff4b

    SHA512

    fa3e1a717d24b549b0dd26cbdbf9074296bc209935fc1bfb228dd76e0cb7f4540d6ab88a0ff9a0324eb0809815d8fa6978e70f246067be147ca610f4c4f6cd06

  • C:\Windows\servbrow.exe

    Filesize

    2.7MB

    MD5

    1c0fd8f315c56ed784e3661decaa4f95

    SHA1

    4d47fd2185ec6705c8889107259940c18dcea27d

    SHA256

    3ba48b7fd7532d00d8f76114dcefb377b4d2bbe85f13ec064497e0e83b1b6c73

    SHA512

    e6f6bfccdba48609900c141dc07f37fc6d5bb1b3834a52c207eb3b01e6250c2bd41878cd9cd303057c4d47cebfab5cfa282db581bb701d0a49b072b63ef2d17e

  • C:\Windows\servbrow.exe

    Filesize

    2.6MB

    MD5

    ae0b12f04f64e1849747ec6fe350ac77

    SHA1

    91c68a17922169a902fec34c66d7fbc56c511bfc

    SHA256

    9b8862ab4c95ac2e245b923e0144f465c5dec3e98a42af2887caf22c6442b046

    SHA512

    c46a7537cf74172e90d394632eec9c29b0711f5e42a1d46b53733bd886037ae2e6637e91c1a511cf620599c2644a42c8eb5d6a62319f0cbce558be4e91f30016

  • C:\Windows\servbrow.exe

    Filesize

    4.9MB

    MD5

    2f7cc6613ab44cc8f430a82a499be23f

    SHA1

    3465692df4a8369ef896f08380dcf3b580cf0cc6

    SHA256

    9ffd57aeec3af9e5f4a17628df4e74706bdb12d4629d1bef15c4e519425aef43

    SHA512

    c0cbaa36b71e53c399d7058de010369f2d06b927157280062a66b8fc267b51cfe4d652ce4d056d1c67ff79fc37bc097b8794547d9b3264f72a61d74551fa23ff
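
To hunt for these drops on a live host or a mounted disk image, the paths and SHA-256 values above can be checked directly. The following is an added example, not code from the sandbox or the report: REPORT_IOCS copies the Downloads entries, and the lookup treats any of the three servbrow.exe digests as a hit while still reporting a path that exists with unrecognised content, because the report itself shows that file being rewritten within one run. The files written by make_demo_root() are constructed test data whose digests are not real IOCs.

```python
"""Verify files on disk (or under a mounted image) against the dropped-file
digests recorded in the report above.

Added example, not part of the sandbox report. REPORT_IOCS copies the paths
and SHA-256 values listed under Downloads; make_demo_root() writes constructed
test data whose digest is not a real IOC.
"""
import hashlib
import os
import tempfile

# Report path -> SHA-256 digests seen at that path. servbrow.exe was captured
# three times with different content, so any of its three digests is a hit.
REPORT_IOCS = {
    r"C:\Program Files (x86)\Mozilla Maintenance Service\Ws2Help.dll": {
        "3a534fffab40ac4d00303b1ba65a5aa6cbb4b5f8b2321a49d4b36ee25e39ff4b",
    },
    r"C:\Windows\servbrow.exe": {
        "3ba48b7fd7532d00d8f76114dcefb377b4d2bbe85f13ec064497e0e83b1b6c73",
        "9b8862ab4c95ac2e245b923e0144f465c5dec3e98a42af2887caf22c6442b046",
        "9ffd57aeec3af9e5f4a17628df4e74706bdb12d4629d1bef15c4e519425aef43",
    },
}
# Digest of the submitted sample itself, in case the dropper is still in Temp.
SAMPLE_SHA256 = "bfe6020f35c465bf683a53a3be8e59ea595e6a2a8b5403f4b1787fabeb2b4b56"


def sha256_file(path, chunk=1 << 20):
    """Stream the file through SHA-256; the drops here are multi-megabyte."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def lookup_digest(digest, known=REPORT_IOCS, sample=SAMPLE_SHA256):
    """Reverse lookup: which report artefact (if any) carries this digest."""
    digest = digest.lower()
    if digest == sample:
        return "submitted sample"
    for path, digests in known.items():
        if digest in digests:
            return path
    return None


def to_local(report_path, root):
    """Map 'C:\\Windows\\servbrow.exe' onto <root>/Windows/servbrow.exe so the
    same table works against a live host or a mounted image."""
    rel = report_path.split(":", 1)[1].lstrip("\\").replace("\\", os.sep)
    return os.path.join(root, rel)


def hunt(root, known=REPORT_IOCS):
    """Return {report_path: verdict} for every IOC path:
         absent     - file not present under root
         ioc_match  - present and digest matches a recorded drop
         path_only  - present but content differs (rewritten drop, newer
                      build, or a legitimate file using the same name)
    A path_only hit still deserves a look: the report shows servbrow.exe
    being rewritten with new content during a single run."""
    verdicts = {}
    for report_path, digests in known.items():
        local = to_local(report_path, root)
        if not os.path.isfile(local):
            verdicts[report_path] = "absent"
        elif sha256_file(local) in digests:
            verdicts[report_path] = "ioc_match"
        else:
            verdicts[report_path] = "path_only"
    return verdicts


def make_demo_root():
    """Constructed test tree: a servbrow.exe with placeholder content and no
    Ws2Help.dll, to exercise the path_only and absent verdicts offline."""
    root = tempfile.mkdtemp(prefix="ioc_demo_")
    exe = to_local(r"C:\Windows\servbrow.exe", root)
    os.makedirs(os.path.dirname(exe), exist_ok=True)
    with open(exe, "wb") as f:
        f.write(b"not the real dropper, constructed test data\n")
    return root


if __name__ == "__main__":
    for path, verdict in hunt(make_demo_root()).items():
        print(f"{verdict:10s} {path}")
```

Run it against a mounted image by passing the mount point as root (for example hunt("/mnt/evidence")); on a live Windows host pass the drive root. A path_only verdict on C:\Windows\servbrow.exe is the interesting case: the name is not a Windows component, and the report shows the content changing during execution, so the digest set above is unlikely to be exhaustive.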