Analysis
max time kernel: 144s
max time network: 149s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 24-01-2024 10:47
Static task: static1
Behavioral task: behavioral1
Sample: 720783dc09fc172c0983eeb3b489564c.exe
Resource: win7-20231129-en
General
Target: 720783dc09fc172c0983eeb3b489564c.exe
Size: 624KB
MD5: 720783dc09fc172c0983eeb3b489564c
SHA1: 45b80a24e130dd85035949ae2a2f2294def928a6
SHA256: 70526e6e5bd07f7a0eb2dab278c107340fcd9f59505af54507528fd8032bc5df
SHA512: 67eb7016f0d41aad36745bc849a1ddee6315c2a1e63c458d50ee40d4ac079dc70f2df0ccd8bece8beb8d6e0344bb215eca7868ca164bd64ce9c297ecdfc28b5e
SSDEEP: 12288:WPHYZM0fg7sJbOslMuyUk1Ltkibg7vxYSnoKBDzs/W9YNDWvSV:g0fg7ctk1WTxYmt0/WSNDLV
Malware Config
Extracted: cryptbot
Domains:
knuzjh62.top
morwye06.top
payload_url: http://sarjeb09.top/download.php?file=lv.exe
Signatures

CryptBot payload (4 IoCs)
Processes (resource, yara rule):
behavioral1/memory/2988-2-0x0000000000310000-0x00000000003B0000-memory.dmp family_cryptbot
behavioral1/memory/2988-3-0x0000000000400000-0x0000000002406000-memory.dmp family_cryptbot
behavioral1/memory/2988-221-0x0000000000400000-0x0000000002406000-memory.dmp family_cryptbot
behavioral1/memory/2988-225-0x0000000000310000-0x00000000003B0000-memory.dmp family_cryptbot
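The two address ranges in these yara hits are worth reading rather than just counting. As an added example (not part of this report and not any sandbox's own code), the following Python parses the memory-dump labels above, collapses repeated dumps of the same range, and compares each range against the 624KB on-disk size from the General section. The label layout it parses is the one visible above; the `ratio` threshold, the field names and the verdict wording are this example's own choices.

```python
import re
from dataclasses import dataclass

# The four memory-dump IoC labels from the report's CryptBot yara matches.
REPORT_IOCS = [
    "behavioral1/memory/2988-2-0x0000000000310000-0x00000000003B0000-memory.dmp",
    "behavioral1/memory/2988-3-0x0000000000400000-0x0000000002406000-memory.dmp",
    "behavioral1/memory/2988-221-0x0000000000400000-0x0000000002406000-memory.dmp",
    "behavioral1/memory/2988-225-0x0000000000310000-0x00000000003B0000-memory.dmp",
]
ON_DISK_SIZE = 624 * 1024  # "Size: 624KB" from the General section

# <task>/memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
IOC_RE = re.compile(
    r"^(?P<task>[^/]+)/memory/(?P<pid>\d+)-(?P<seq>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


@dataclass(frozen=True)
class MemoryRegion:
    task: str
    pid: int
    seq: int      # dump sequence number within the task (assumed meaning of the field)
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_ioc(label: str) -> MemoryRegion:
    m = IOC_RE.match(label)
    if not m:
        raise ValueError(f"not a memory-dump IoC label: {label!r}")
    return MemoryRegion(m["task"], int(m["pid"]), int(m["seq"]),
                        int(m["start"], 16), int(m["end"], 16))


def distinct_regions(labels):
    """Collapse repeated dumps of one (pid, start, end) range and return
    {(pid, start, end): [seq, ...]}, so both the range and the points in the
    run at which the rule matched it are visible."""
    regions = {}
    for label in labels:
        r = parse_ioc(label)
        regions.setdefault((r.pid, r.start, r.end), []).append(r.seq)
    return {k: sorted(v) for k, v in regions.items()}


def unpacked_candidates(labels, on_disk_size, ratio=4.0):
    """Regions whose in-memory span is at least `ratio` times the file on
    disk. A PE image mapped at 0x400000 that is dozens of times larger than
    its file means the section table declares space that is empty on disk
    and gets filled at runtime, which is what an unpacking stub produces."""
    out = []
    for (pid, start, end), seqs in distinct_regions(labels).items():
        size = end - start
        if size >= ratio * on_disk_size:
            out.append({"pid": pid, "start": start, "end": end, "size": size,
                        "ratio": round(size / on_disk_size, 1), "seqs": seqs})
    return sorted(out, key=lambda c: c["start"])


if __name__ == "__main__":
    for (pid, start, end), seqs in distinct_regions(REPORT_IOCS).items():
        print(f"pid {pid}: 0x{start:08x}-0x{end:08x} ({end - start} bytes) dumped at seq {seqs}")
    for c in unpacked_candidates(REPORT_IOCS, ON_DISK_SIZE):
        print(f"candidate unpacked image: 0x{c['start']:08x} size {c['size']} = {c['ratio']}x file size")
```

Run against the labels above this reports two distinct ranges in pid 2988: 0x400000-0x2406000, which spans 0x2006000 bytes (about 32MB, roughly 53 times the 624KB file), and 0x310000-0x3B0000, a 640KB private allocation about the size of the file itself. The first is the sample's own image mapped at the default base, far larger in memory than on disk; the rule matching both ranges early (seq 2 and 3) and again late (seq 221 and 225) is why the report counts four IoCs for two regions.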
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials.

Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs)

Checks installed software on the system (1 TTP)
Looks up Uninstall key entries in the registry to enumerate software on the system.

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes (description, ioc, process):
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 720783dc09fc172c0983eeb3b489564c.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString 720783dc09fc172c0983eeb3b489564c.exe
Suspicious use of FindShellTrayWindow (2 IoCs)
Processes (pid, process):
2988 720783dc09fc172c0983eeb3b489564c.exe
2988 720783dc09fc172c0983eeb3b489564c.exe
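The signature list above is the sandbox's summary of the event stream; when triaging raw events yourself you want the same logic as code. The following Python is an added example, not this report's or the sandbox's own code. It consumes event lines in the report's own "action object process" layout: the two CentralProcessor lines are taken from the report, while the Uninstall, Chrome Login Data, Electrum wallet and explorer.exe lines are constructed here to stand in for the browser, wallet and software-enumeration accesses the report only summarises. The ATT&CK technique IDs are this example's own mapping, not the report's, and the path patterns are deliberately narrow.

```python
import re
from collections import defaultdict

# Event lines in the report's "<action> <object> <process>" layout.
# First two lines: from the report. Remaining lines: constructed for this example.
EVENTS = [
    r"Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 720783dc09fc172c0983eeb3b489564c.exe",
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString 720783dc09fc172c0983eeb3b489564c.exe",
    r"Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall 720783dc09fc172c0983eeb3b489564c.exe",
    r"File opened C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data 720783dc09fc172c0983eeb3b489564c.exe",
    r"File opened C:\Users\Admin\AppData\Roaming\Electrum\wallets\default_wallet 720783dc09fc172c0983eeb3b489564c.exe",
    r"Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run explorer.exe",
]

# The object may contain spaces ("User Data"); the process name is the last token.
EVENT_RE = re.compile(
    r"^(?P<action>Key opened|Key value queried|Key created|Key deleted|File opened|File created)"
    r" (?P<obj>.+) (?P<proc>\S+)$"
)

# (signature name as the report words it, ATT&CK technique, object-path pattern).
# Technique mapping is this example's own, not taken from the report.
RULES = [
    ("Checks processor information in registry", "T1082",
     re.compile(r"\\CentralProcessor\\\d+(\\ProcessorNameString)?$", re.I)),
    ("Checks installed software on the system", "T1518",
     re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)),
    ("Reads user/profile data of web browsers", "T1555.003",
     re.compile(r"\\(Login Data|Cookies|Web Data|logins\.json)$", re.I)),
    ("Accesses cryptocurrency files/wallets", "T1005",
     re.compile(r"\\(Electrum|Exodus|Ethereum|Bitcoin)\\", re.I)),
]
SANDBOX_CHECK = RULES[0][0]
STEALER = {RULES[2][0], RULES[3][0]}


def parse_event(line):
    m = EVENT_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised event line: {line!r}")
    return m["action"], m["obj"], m["proc"]


def triage(lines):
    """Group rule hits per process and derive a verdict. The verdict is
    'sandbox-aware infostealer' only when the processor check is seen before
    the first browser/wallet access, mirroring the check-then-steal ordering
    the report's signatures describe."""
    hits = defaultdict(list)  # process -> [(event index, signature, technique)]
    for idx, line in enumerate(lines):
        _action, obj, proc = parse_event(line)
        for name, technique, pat in RULES:
            if pat.search(obj):
                hits[proc].append((idx, name, technique))

    result = {}
    for proc, matches in hits.items():
        sigs, techs = [], []
        for _, name, tech in matches:
            if name not in sigs:
                sigs.append(name)
            if tech not in techs:
                techs.append(tech)
        first_sandbox = min((i for i, n, _ in matches if n == SANDBOX_CHECK), default=None)
        first_steal = min((i for i, n, _ in matches if n in STEALER), default=None)
        if first_steal is None:
            verdict = "discovery only"
        elif first_sandbox is not None and first_sandbox < first_steal:
            verdict = "sandbox-aware infostealer"
        else:
            verdict = "infostealer"
        result[proc] = {"signatures": sigs, "techniques": techs, "verdict": verdict}
    return result


if __name__ == "__main__":
    for proc, r in triage(EVENTS).items():
        print(proc, r["verdict"], r["techniques"])
```

Processes with no rule hit (explorer.exe's Run-key open here) are left out of the result rather than scored at zero, so the output is only the processes an analyst needs to look at. Feeding it only the two stealer lines yields a plain "infostealer" verdict; the ordering test is what separates a sample that fingerprints the host first from one that does not.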
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 36KB
MD5: 9d4872c34d4fa6a0e19d36c0d82a7c3f
SHA1: e646009925c04bb7abea0db9fc1dfd6dd1c5db62
SHA256: 6ba072b7a4200262ed86f4da0c48da415b0fd03bb808256ad0d9567ae40a5e72
SHA512: 4ec8fc79700b0fafa498031a5879da366895f6326cd1d7e05329b00103255d1c70db8e40b82db68f301d12cb167487f914a29fa9921bf5cd908c3d653c6c488e

Filesize: 1KB
MD5: 668ce412d429cb3a0c225dce3728a2fc
SHA1: 5fe4336b2f31ce09f48afe0ee99f1f555bd78656
SHA256: a213facd208af1e82993e04d8bd1f3abfeddaa9cea2fa95862aa891e536202da
SHA512: 5919cdb608e152093d103c13d8b47036c53f8ff36f84cf8c5ec5a4517e290c0ab87febefad2e1d089db6b87d724f1ee48c6936d242ebae0e5b5efcd2716b5a84

Filesize: 3KB
MD5: 0711014736cadd9d62fb17e2b5c5bf80
SHA1: da13b150a095de44a03890882336c86570cb632a
SHA256: e11b7b5f7e67f1541f639adcca11be74a7aebaa05f10dbf0bbf4a2e897765b52
SHA512: 061518f65545ae3354c1b7b541080b772b9d62975f114454e09551ca807886d0241f2174e1e64506af50e44112a517ee3f9f441aea0a2df33f6a9622f709f3d7

Filesize: 3KB
MD5: 67778e70e9edc6e6f9dbeef3d1289fd3
SHA1: fd89b01ab880078e10bd0d81a6264e44093701c7
SHA256: 19f9ff24e8d178b74be637d8da20eea9dc6061ce14854ad1d1b92bae3d9d8337
SHA512: 68073c906866e625645fc246996961d3e58feb28bb2c3aecf5dd045f8c6e02314bfb2a6446876147c0b8c59892fc014b595d61f1d394f4a1560121e28f873cc8

Filesize: 4KB
MD5: 3964d390dfc60d775ed64605053561c5
SHA1: f79da731e048aab22ef3de9f10cead9e0b0e9fb2
SHA256: a75b07188b19adba342495ed5cf56e62cfd652e30a254e9093cf5bcb5446cbfc
SHA512: 2f0bb5ad62cce3cca9889a179c0da0e122aa80821f24b426a0b663716018e9ad0c6166b5c87aebec27e1e91d2977acd45496236e2f85e321cbaaea655ecd2ee0

Filesize: 44KB
MD5: 2b2597c6b0ea3a6bd3157813882d96f8
SHA1: 1ceb1bfbdd614be82ce356e03655bdd6127678fe
SHA256: 7f71340848a81ecd5288f7a97d28e5a870e69cba3f59168a0c743960c0c0f13d
SHA512: 05eb58332a857c3312ab8b0a7da35be9c363eff54d06a69f8d6e333f3a40268c92bdc1eb0432f259a9fd0315dba116ca802e729acace6d594a5a6c984c323c35

Filesize: 1KB
MD5: 381bf1811f1eed2b808b7f6b9f6b89d9
SHA1: 8240593b30c4fc094dc3badf480bbc83adc72864
SHA256: 79a7f6756387f8724b05d35792425af0fa40936f4ab615ae43ce8031c649a19b
SHA512: 08d0b34a6814b8db2dc8d7d746fba6f860afedb71903ccea50fca0b4a22787589c43e9ab5bb6ae444fe76d61dcd90b78a2199932e08e489003d72edf1be379c1

Filesize: 1KB
MD5: a72c4e038d21b8589c5e76b5db95efbd
SHA1: 372f54d722a9c6a75fcb78ff510425b2b61fbe33
SHA256: 8fd0b31dfe02a2cd472831122a488510038b2cfcb217d732861df2ad6b5adc06
SHA512: 32971d2d5584a7164a32434ad63426b9197a90283de1c8bd351266150c226d31f4252f79c4557c66bf4ec9ba5ed6b41da136e8cbe8d2c7e3f4f83a0b50893344

Filesize: 3KB
MD5: 1860a288caa5253207f4529cd55401a7
SHA1: fca3c15c7e474994b04659b0d105366f41eb302a
SHA256: d2bd41fbb5a21816ffa400cfb18d3e89a75adead5dd25d11f5e231bee762bf20
SHA512: 708789ce5032682de4a0b09758440566c13a8974304589aeadb948d0a9e82c435eca24e01302ec393d41deee7d4c45f27b5b3d0a6e1f7b011452a696c64ab590

Filesize: 4KB
MD5: 684ba351d5c0ec6f3316afc3516f2cd1
SHA1: 332635d0b10da4aa1ec471482bdb075ad61ec6dd
SHA256: 0abdeb43834f717b2445ea4364c17dafc15ecfc9a542ac78d4a43807a6107b36
SHA512: b3a5b6ed3eab301a9ff9200c34514b0fca0bba292e72c0ec229dc47ff071fa5790b0456e805f7f2a698826a74211a3a5988f4d9b7b829c62e2ab07b827380da7