Analysis
-
max time kernel
141s
-
max time network
150s
-
platform
windows10-2004_x64
-
resource
win10v2004-20231215-en
-
resource tags
arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
-
submitted
16-01-2024 17:15
Static task
static1
Behavioral task
behavioral1
Sample
606db2cb19ad7f8e3d20b633a8872330.exe
Resource
win7-20231215-en
General
-
Target
606db2cb19ad7f8e3d20b633a8872330.exe
-
Size
7.1MB
-
MD5
606db2cb19ad7f8e3d20b633a8872330
-
SHA1
3228f2b1051fa71f33a3ffe6e6cf385b1617e175
-
SHA256
138d8ab76f76ab69c33c1606de29083ef561d98c08350af91849f1dd1bf16d10
-
SHA512
44438e9ef0cc1211a6be7c861b5a321f14993252030c6a25e981f2b500edb8eb4f083d32c009c5eaee808018958e8fd04cdc4675010c87bb3ef3ac654a1cd8ea
-
SSDEEP
6144:1OsE5m1O1B0Ln62oeD+ceV3DZgCtCFOzmoziZ+1p24u4Z3bF:YsZA0Nf+rxDCcnzmoziZ+1p24u4j
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow  ioc
6     freegeoip.app
7     freegeoip.app
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes: 606db2cb19ad7f8e3d20b633a8872330.exe
description        ioc                                                                          process
Key opened         \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0             606db2cb19ad7f8e3d20b633a8872330.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier  606db2cb19ad7f8e3d20b633a8872330.exe
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes: 606db2cb19ad7f8e3d20b633a8872330.exe
pid   process
2708  606db2cb19ad7f8e3d20b633a8872330.exe
2708  606db2cb19ad7f8e3d20b633a8872330.exe
2708  606db2cb19ad7f8e3d20b633a8872330.exe
2708  606db2cb19ad7f8e3d20b633a8872330.exe
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes: 606db2cb19ad7f8e3d20b633a8872330.exe
description               pid   process
Token: SeDebugPrivilege   2708  606db2cb19ad7f8e3d20b633a8872330.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\44\Process.txt
Filesize
415B
MD5
4683526c3bd10c0ef561561d17f1122e
SHA1
0d20dcbc447c91651f84fc4487636a98824895ad
SHA256
69f364a09d0962891c2e170280f23af88867668325a6ff93fca85abab8e02abe
SHA512
5e37f264f90e979f37cf608c3cc77ab324771a5a4c3f725555094b65fb6d79f3d1665facd1364acdb58cd3ab28e84de7b722427ccf258f2993966b160306783a
-
C:\Users\Admin\AppData\Local\44\Process.txt
Filesize
745B
MD5
784c7805ad2b672c37ed7c7f85a1ad4b
SHA1
767751348e5d06eb0022d3219198134ec41c9965
SHA256
400ac8e0f15ecd709c97a7c39c509fb6c48cf968a6a70a3f23d13ca923c0f513
SHA512
a1c087efd248f07cf17cf7d0d3e8154f0c0059a7ee795ae804abfa885f5898750f2bf516064ab8f1aa3d05023b0a74e4fbb176b2ae05ed57b2d8f8750333863d
-
C:\Users\Admin\AppData\Local\44\Process.txt
Filesize
1KB
MD5
acb50d42a03bb4a9055e433d0c05663b
SHA1
b96dfb2aaa4e3795490b9e2c1445d1826ba5ece5
SHA256
f53a6a9558ef9bf1bcce9a6fecb90acbd4ed79c24ac336ec935c7a4a075ff490
SHA512
427a00ccff692cfaf1c0d3a40ea3deda0c4ed0ee94d441f95b28b3bca869246c7075e62aa3f7e89fc51faa43d320e7bc1077d340a8204847b6c477575de9ac71
-
memory/2708-0-0x000001E448160000-0x000001E4481AE000-memory.dmp
Filesize
312KB
-
memory/2708-16-0x00007FF8BCB10000-0x00007FF8BD5D1000-memory.dmp
Filesize
10.8MB
-
memory/2708-17-0x000001E4628B0000-0x000001E4628C0000-memory.dmp
Filesize
64KB
-
memory/2708-121-0x00007FF8BCB10000-0x00007FF8BD5D1000-memory.dmp
Filesize
10.8MB