Overview

overview

7

Static

static

7

6666bd2d13...04.exe

windows7-x64

7

6666bd2d13...04.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    128s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    19/01/2024, 00:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6666bd2d13471383d519373f4c8f9704.exe

  • Size

    854KB

  • MD5

    6666bd2d13471383d519373f4c8f9704

  • SHA1

    c284404141fc9e6f4f907cc1b03f674312227418

  • SHA256

    bbef6fa7c85592e91e6d07b34a82f4c2bb2260061fe82f0cf8ba6aed13e5c83f

  • SHA512

    6ac8e5542df26b4b25aaa6d0a2cf19cad3c7e85ecfa72dbdc97f13d2916e26e5ceb16e2ad61f25eeb962f6b050a0edc2163d23b215b4e9f674a678ce17ae34a6

  • SSDEEP

    12288:sr/tRZf7cw58UcDNwByTCO9TGpchCs5roAUfu6/lxCDxlB9v0G4uaPVHY+hvaRx/:+jbwD2y5IxsCfZHCDxFcxpPV4+Ng

Score
7/10
bootkitpersistencespywarestealerupx

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 13 IoCs
  • Suspicious use of SendNotifyMessage 13 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6666bd2d13471383d519373f4c8f9704.exe
    "C:\Users\Admin\AppData\Local\Temp\6666bd2d13471383d519373f4c8f9704.exe"
    1⤵
    • Adds Run key to start application
    • Enumerates connected drives
    • Writes to the Master Boot Record (MBR)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:2652

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2652-0-0x0000000000400000-0x0000000000A23000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2652-1-0x0000000000020000-0x0000000000030000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2652-2-0x0000000000400000-0x0000000000A23000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2652-4-0x0000000000400000-0x0000000000A23000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2652-5-0x0000000000400000-0x0000000000A23000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2652-6-0x0000000000030000-0x0000000000031000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2652-7-0x0000000000400000-0x0000000000A23000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2652-8-0x0000000000020000-0x0000000000030000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2652-9-0x0000000000400000-0x0000000000A23000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2652-10-0x0000000000400000-0x0000000000A23000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2652-11-0x0000000000400000-0x0000000000A23000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2652-12-0x0000000000030000-0x0000000000031000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2652-14-0x0000000000400000-0x0000000000A23000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2652-15-0x0000000000400000-0x0000000000A23000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2652-16-0x0000000000400000-0x0000000000A23000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2652-17-0x0000000000400000-0x0000000000A23000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2652-18-0x0000000000400000-0x0000000000A23000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2652-19-0x0000000000400000-0x0000000000A23000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2652-20-0x0000000000400000-0x0000000000A23000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2652-21-0x0000000000400000-0x0000000000A23000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2652-22-0x0000000000400000-0x0000000000A23000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2652-23-0x0000000000400000-0x0000000000A23000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2652-24-0x0000000000400000-0x0000000000A23000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2652-25-0x0000000000400000-0x0000000000A23000-memory.dmp

    Filesize

    6.1MB

    Download