Overview

overview

10

Static

static

10

323389cde5...f3.exe

windows7-x64

1

323389cde5...f3.exe

windows10-2004-x64

1

365712147d...a7.exe

windows7-x64

10

365712147d...a7.exe

windows10-2004-x64

10

5474e75872...06.exe

windows7-x64

10

5474e75872...06.exe

windows10-2004-x64

10

out.exe

windows7-x64

3

out.exe

windows10-2004-x64

3

59c59ef90d...4d.exe

windows7-x64

10

59c59ef90d...4d.exe

windows10-2004-x64

1

63fb410fc5...22.exe

windows7-x64

7

63fb410fc5...22.exe

windows10-2004-x64

7

9443472de4...e5.exe

windows7-x64

1

9443472de4...e5.exe

windows10-2004-x64

1

97a877b999...8d.exe

windows7-x64

10

97a877b999...8d.exe

windows10-2004-x64

10

a0f5def5aa...93.exe

windows7-x64

1

a0f5def5aa...93.exe

windows10-2004-x64

1

abfe442282...b1.exe

windows7-x64

1

abfe442282...b1.exe

windows10-2004-x64

1

b21f34ecfa...73.exe

windows7-x64

9

b21f34ecfa...73.exe

windows10-2004-x64

9

b4b97aa67e...a9.zip

windows7-x64

1

b4b97aa67e...a9.zip

windows10-2004-x64

1

svchost.exe

windows7-x64

9

svchost.exe

windows10-2004-x64

9

b8ce017478...a8.exe

windows7-x64

9

b8ce017478...a8.exe

windows10-2004-x64

9

bbb4627895...f2.exe

windows7-x64

1

bbb4627895...f2.exe

windows10-2004-x64

1

bdf06acf03...63.exe

windows7-x64

1

bdf06acf03...63.exe

windows10-2004-x64

1

Resubmissions

21-01-2024 14:52

240121-r8syqaeac7 10

21-01-2024 14:51

240121-r8k8waeac5 10

01-01-2024 13:55

240101-q776kscacp 10

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-01-2024 14:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    63fb410fc5267c61c5099927af714a8f5f4ba6dcdeeb1f297b022879767c7222.exe

  • Size

    924KB

  • MD5

    ec9c3efe831aaa203058927df7de6138

  • SHA1

    b77581e047551a70aaba0db7a57349136bd9e411

  • SHA256

    63fb410fc5267c61c5099927af714a8f5f4ba6dcdeeb1f297b022879767c7222

  • SHA512

    0d5aedcebaa660f345c549b9ae07b4d18fc01b563907b378c1cd905029bb0c6f6849e0f03c7c4a724c3448eb9c693138265a0b0129a298af3aada9bb0f447d6a

  • SSDEEP

    12288:tZqu3sRwqpxGCMF3dera2ybCPWy5SqZWj+6GJZy82VS1ToBgdoByOHGae0r2ivr:B3yEoro2PEpUA

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious behavior: RenamesItself 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\63fb410fc5267c61c5099927af714a8f5f4ba6dcdeeb1f297b022879767c7222.exe
    "C:\Users\Admin\AppData\Local\Temp\63fb410fc5267c61c5099927af714a8f5f4ba6dcdeeb1f297b022879767c7222.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: RenamesItself
    PID:3220

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\3Sa4mkDqey9x.razy1337
    Filesize

    144B

    MD5

    ed31c4c10f47ab96feeb6c29edfe8945

    SHA1

    26a4bc6b03e2da43445d5c7128b5e1ba22336833

    SHA256

    4d3579c907887ffc8cafe171af5926fa612836ced0859021253a8345e044e36f

    SHA512

    79b10bd1fb77170797c81c7d95e7f731dec24d6a69aec5dc8d515a680c91ed308fcd7d401eed98f81783379a200a2a18896095f8dff69ee1e4126676fd4b7dc6

    Download Submit

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\dmR6rYL1N.razy1337
    Filesize

    144B

    MD5

    e2e2ea411234c505fdc04c9613d0e071

    SHA1

    efa39cf0ac5ae00fd143cad07c7b54f96c9a4bf5

    SHA256

    3a671ab184ce9bf4f1290b0df354353353a2c6455592c5ada288a09d3a61a37f

    SHA512

    82a06aa91853053f06bd37bde04878ee7f0dabe49ce04b18b7bb3e1751c8adbce1c89201b6c70b4a5db0457292c8c2a14e2c35b5b2e1d04ea0e4d08de1dcfa2a

    Download Submit

  • memory/3220-6-0x00000000051B0000-0x0000000005242000-memory.dmp

    Filesize

    584KB

    Download

  • memory/3220-3-0x0000000009730000-0x00000000097CC000-memory.dmp

    Filesize

    624KB

    Download

  • memory/3220-4-0x0000000004FE0000-0x0000000004FF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3220-5-0x0000000009D80000-0x000000000A324000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/3220-1-0x00000000745F0000-0x0000000074DA0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3220-7-0x0000000005180000-0x000000000518A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3220-8-0x00000000053E0000-0x0000000005436000-memory.dmp

    Filesize

    344KB

    Download

  • memory/3220-9-0x0000000004FE0000-0x0000000004FF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3220-47-0x00000000745F0000-0x0000000074DA0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3220-52-0x0000000004FE0000-0x0000000004FF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3220-58-0x0000000004FE0000-0x0000000004FF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3220-2-0x0000000004F60000-0x0000000004FBC000-memory.dmp

    Filesize

    368KB

    Download

  • memory/3220-0-0x0000000000550000-0x000000000063E000-memory.dmp

    Filesize

    952KB

    Download