ee65e9d7a7bc9d17e894e0b775fc0bbfb35e72c65c3d768e34bfe059d521cc16

Resubmissions

21-01-2024 14:52

240121-r8syqaeac7 10

21-01-2024 14:51

240121-r8k8waeac5 10

01-01-2024 13:55

240101-q776kscacp 10

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
21-01-2024 14:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63fb410fc5267c61c5099927af714a8f5f4ba6dcdeeb1f297b022879767c7222.exe
Size

924KB
MD5

ec9c3efe831aaa203058927df7de6138
SHA1

b77581e047551a70aaba0db7a57349136bd9e411
SHA256

63fb410fc5267c61c5099927af714a8f5f4ba6dcdeeb1f297b022879767c7222
SHA512

0d5aedcebaa660f345c549b9ae07b4d18fc01b563907b378c1cd905029bb0c6f6849e0f03c7c4a724c3448eb9c693138265a0b0129a298af3aada9bb0f447d6a
SSDEEP

12288:tZqu3sRwqpxGCMF3dera2ybCPWy5SqZWj+6GJZy82VS1ToBgdoByOHGae0r2ivr:B3yEoro2PEpUA

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Audio Driver HD = "C:\\Users\\Admin\\AppData\\Local\\Temp\\63fb410fc5267c61c5099927af714a8f5f4ba6dcdeeb1f297b022879767c7222.exe"	63fb410fc5267c61c5099927af714a8f5f4ba6dcdeeb1f297b022879767c7222.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2264	63fb410fc5267c61c5099927af714a8f5f4ba6dcdeeb1f297b022879767c7222.exe

C:\Users\Admin\AppData\Local\Temp\63fb410fc5267c61c5099927af714a8f5f4ba6dcdeeb1f297b022879767c7222.exe
"C:\Users\Admin\AppData\Local\Temp\63fb410fc5267c61c5099927af714a8f5f4ba6dcdeeb1f297b022879767c7222.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: RenamesItself
PID:2264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\O7yJjH03eFg7.razy1337

Filesize
144B

MD5
3bc0446b5bf22f711a003b18381aefa8

SHA1
947f03bec845bba18ea555694f92e4091b466b3c

SHA256
1a01c3fc7d45cdb44c32b257bc6b1c648bb2f30003462647a66552271669db99

SHA512
d8fc378508971071e696dd6356ee911736abb7d58da9c9f89a3e72415144da96bb397dc005bc2f7d35527f153791076c78fa6a80289a4c3605426eb96f396fa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\V6tpm3VlYfl9.razy1337

Filesize
144B

MD5
6ddfacaf0b3b9ea017e6b20f0317ff2a

SHA1
60059fca436bc586e71039471ff50ede05bfa462

SHA256
4b4afa351361971db49964c7a14a9e6c7f040f27fa68b15ec75e859a9295f287

SHA512
0b77786547cea98522d3ca85c73094e14ec374cce2f144de4801a19918f93ba1fd0d3609b31e6e1e325dc234af8929e00b9e566a6944ed126bf12561124c2d17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\hA6kVYJ.razy1337

Filesize
160B

MD5
0d19d20fad2eb85775f9cc0cad28e2ef

SHA1
1f4885723cd70bfc445676586f5c269f60575606

SHA256
a2ce83b97b66caa0157dca821bf52585b48a49cf64e65f6f624af6af5924f1b2

SHA512
c62020655b6f24ca7d1297a6aaca6b172b9ee556c898d1b6b538f1c162ad6728a0f4a3e2c51c74e86dba7ffa486b0c6a812b67cc7e4783bc8f98df6ca0bb8995

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\5iJMrQfcF.razy1337

Filesize
8KB

MD5
28db66417318ee495d985be8843e2026

SHA1
8bdfd83ec6ac9bebb899eb83af585f382acc5a65

SHA256
0163cee62278e6b99dd69d8c9138f22b33c264913416d02b9dd99166241b50ba

SHA512
732e8f78546a38b43443086b7105db67213870210fdbac82f20b98ac5e00e692b4f8db815b2f0024bd3c20453336a1ec163153881b4ce80d3e2af080d01b2b1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\BgFsvB3K0b.razy1337

Filesize
8KB

MD5
856e140905e8cc0dfb1c18d03721af68

SHA1
f287cebc990462818ea55d6db119af8b2a651ece

SHA256
e72d40b4535795e65984e73a1912a3013d93b7fd2ce8eca9be6f82e3f74f8a44

SHA512
86f3911d56fda1780f95aa39d23c5e4c87556e67a6b1d6532ae13d7b4ed5aef07c2af2de7f70fa4b8b53ab8c50d18e4c2e09572a28df091416ecec61c212caa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\xjOqogIuL.razy1337

Filesize
264KB

MD5
b6f68aae2755b75053762c649b0c34f7

SHA1
6a738e3b9820e52a1fa92f607aebda7b3e50696e

SHA256
2b266755c7e1609d3ac15b8093f7fd78dde6fe8daefa7d06d7038a4bec4eede5

SHA512
9824c5c7d6a396f78d7eaa55fe450377577413df76bf8f05266e7c67274dbe4aed53ae68cba9e002f19098f75e9f985c4f9b2e0ef33a84921a8d4b64483835e3

Download Submit
memory/2264-4-0x0000000004A60000-0x0000000004AA0000-memory.dmp

Filesize
256KB

Download
memory/2264-48-0x0000000004A60000-0x0000000004AA0000-memory.dmp

Filesize
256KB

Download
memory/2264-53-0x0000000004A60000-0x0000000004AA0000-memory.dmp

Filesize
256KB

Download
memory/2264-54-0x0000000004A60000-0x0000000004AA0000-memory.dmp

Filesize
256KB

Download
memory/2264-42-0x0000000073FD0000-0x00000000746BE000-memory.dmp

Filesize
6.9MB

Download
memory/2264-5-0x0000000004A60000-0x0000000004AA0000-memory.dmp

Filesize
256KB

Download
memory/2264-0-0x0000000000E90000-0x0000000000F7E000-memory.dmp

Filesize
952KB

Download
memory/2264-3-0x0000000004A60000-0x0000000004AA0000-memory.dmp

Filesize
256KB

Download
memory/2264-2-0x0000000000CD0000-0x0000000000D2C000-memory.dmp

Filesize
368KB

Download
memory/2264-1-0x0000000073FD0000-0x00000000746BE000-memory.dmp

Filesize
6.9MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads