Analysis

max time kernel: 144s
max time network: 146s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 12-01-2024 06:50

Static task: static1
Behavioral task: behavioral1
Sample: 55c61c75644d75f6db561a8fb294876b.exe
Resource: win7-20231129-en
General

Target: 55c61c75644d75f6db561a8fb294876b.exe
Size: 630KB
MD5: 55c61c75644d75f6db561a8fb294876b
SHA1: 26c72345b1d08ca1f2078f071674dfd01610e313
SHA256: 0274cb61fea6621c4d2d7eced3bfc1fbf14d890024cc19a9e1c694693547a06b
SHA512: 8d52eea1b91249299e7e0abb754e4e2c26e1cdde755602926b24515d32c2d759b82a63a4dc42da209355b498de4232137d1e024a2706ce596d82f89a074eec8f
SSDEEP: 12288:VCGapkxc+9mXC7/KXw2cmLRs7ILVkwSxtafqaE:P4icGmu/KXjcmzLVkwaafq
Malware Config

Extracted
Family: cryptbot
Domains:
- ewakyc72.top
- moraiw07.top
payload_url: http://winfyn10.top/download.php?file=lv.exe
Signatures

- CryptBot payload (4 IoCs)
  Processes:
  resource | yara_rule
  behavioral1/memory/2172-2-0x0000000000220000-0x00000000002C0000-memory.dmp | family_cryptbot
  behavioral1/memory/2172-3-0x0000000000400000-0x000000000146F000-memory.dmp | family_cryptbot
  behavioral1/memory/2172-226-0x0000000000400000-0x000000000146F000-memory.dmp | family_cryptbot
  behavioral1/memory/2172-231-0x0000000000220000-0x00000000002C0000-memory.dmp | family_cryptbot

- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials.

- Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs)

- Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry to enumerate software on the system.

- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).

- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Processes: 55c61c75644d75f6db561a8fb294876b.exe
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | 55c61c75644d75f6db561a8fb294876b.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | 55c61c75644d75f6db561a8fb294876b.exe

- Suspicious use of FindShellTrayWindow (2 IoCs)
  Processes: 55c61c75644d75f6db561a8fb294876b.exe
  pid | process
  2172 | 55c61c75644d75f6db561a8fb294876b.exe
  2172 | 55c61c75644d75f6db561a8fb294876b.exe
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 179KB
  MD5: c7c7d627bda13c1cd83f876442900fb8
  SHA1: a0e7b8e5e6d0f6b9ef28fbae93179838e809a533
  SHA256: c70489337264a2710d895e1b563a79af711c9d5ce09e55451c2bc39b4dfb2662
  SHA512: 66013861b7ef28468225bc6da4c9ce4e044b53a6534d015431bcd195b491b9894e44cf4e44eed8cc57d8be07d145a8fc065d0f8c3270f9cf0e80a7bd8d8fd876

- Filesize: 1KB
  MD5: 8009fb1c12d7be5101187a026c123c80
  SHA1: 484452d70b1ac092b13f5fc56cec6168b76a898a
  SHA256: c8709e0a7a8fbfbcf952db73ab3260244719c699261bbc0f8d865e11f384ebd6
  SHA512: f5a8e8375333e2d3412a0023f8019a87bc598a3ba8a181dfae65fc74efd8d3a4e7dbaaa876accf25cb535837ac59974df460eacccf01bdd396f7a70b8556e4c8

- Filesize: 42KB
  MD5: 2ab6551c2924f90d251fd0976d959dd2
  SHA1: ddfdb2402da8f4b41da3b5c38dc0d0680bda1b17
  SHA256: f652109d32ba927c78832c594943fd997b7111538c3ec8ad29da0ef115e8c164
  SHA512: a16052d199bc4e10dabdd0915da47ebcf2fbf014112cad40870382afe8e2195ea29010369e5b6986ea5d3150f15556d65bb7dd669960f381a21a75c8cec16c4c

- Filesize: 1KB
  MD5: e026ae81076f3cab22ec10f53346918a
  SHA1: e89106a1913121b6b70d3f2fdc84688be525fcb7
  SHA256: 049c3fe73e47a9810a7f766efd092315692204cae20856a2fa7c9875033692e5
  SHA512: bf440b4ef61931c1fe6eea2de611854bee8cb942244c261225444070b9d5188caf19e2257e66887d444964b14116043fab14d3e83ed9d64933db0b6b491af4c7

- Filesize: 3KB
  MD5: 8b1dab7720f9c58cbfa9a690846fa9f0
  SHA1: e70f71bb0d0c1cbb29a1b2eee25c586501fc7e6f
  SHA256: 1c312cfb347613f28020378db906d388d74778ede9410e73d46db9f2ce386de7
  SHA512: 4b35d3dfd1a1b2a38363b6ebfa2c6b03586246183da5b727d4299f7078ea4931320de09556ade442b0a4ee78656e737cafb1bc9e3d583fb3c70364834471adba

- Filesize: 3KB
  MD5: f264453f660908e809bc38be7eec1796
  SHA1: 46c6e3b2fc6bc48da5421ecba4aa048575d975f3
  SHA256: 7da216e6c0dc70db01e11f2191e57a5dc97848d5c593b1e88a28616f067f55b0
  SHA512: ab8e512bf518b7cda530ffa880b4bd3064078a6d31a21bd1c82024f12a56e4151bf3da7fb8254b877745f8b44c9213cb5a9edd66375746eef9fe07afb5a9a0c5

- Filesize: 4KB
  MD5: 4fb6d0b9edb3ed6274c1eafeb8cbadba
  SHA1: 0ccc5cf628b2b07fa0b50ee7aab539316514fda0
  SHA256: 4729417be94eb783f952a9fa37394ccfdd14dc88dacbfb0127984dbd902015be
  SHA512: a0cc3ab0e4779a000e7a0747c2f745aae744cfcd50b35d914955ca8849b54181a512375e7fba5f49269c3fc39433265d5671d6f13a79315c898a57ca76e46bdf