Analysis
- max time kernel: 145s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24-01-2024 10:47
- Static task: static1
- Behavioral task: behavioral1 (sample 720783dc09fc172c0983eeb3b489564c.exe, resource win7-20231129-en)
General
- Target: 720783dc09fc172c0983eeb3b489564c.exe
- Size: 624KB
- MD5: 720783dc09fc172c0983eeb3b489564c
- SHA1: 45b80a24e130dd85035949ae2a2f2294def928a6
- SHA256: 70526e6e5bd07f7a0eb2dab278c107340fcd9f59505af54507528fd8032bc5df
- SHA512: 67eb7016f0d41aad36745bc849a1ddee6315c2a1e63c458d50ee40d4ac079dc70f2df0ccd8bece8beb8d6e0344bb215eca7868ca164bd64ce9c297ecdfc28b5e
- SSDEEP: 12288:WPHYZM0fg7sJbOslMuyUk1Ltkibg7vxYSnoKBDzs/W9YNDWvSV:g0fg7ctk1WTxYmt0/WSNDLV
Malware Config
Extracted
- Family: cryptbot
- knuzjh62.top
- morwye06.top
- payload_url: http://sarjeb09.top/download.php?file=lv.exe
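An extracted configuration is most useful once it is checked against traffic logs. The script below is an added example and is not part of the Triage report: it takes the two domains and the payload URL from the config above and matches them against a few Zeek-style DNS and HTTP log lines. The log lines, their tab-separated layout and the hit labels (config_domain, payload_host, payload_url) are constructed for this example; the page does not say which config field the two .top domains belong to, so they are treated simply as indicator hosts.

```python
"""Match the report's extracted CryptBot config against DNS/HTTP log lines.

Added example; not part of the Triage report. The config values are taken
from the report's "Malware Config" section. The log lines, their
tab-separated layout (kind, source IP, host, then method and URI for HTTP)
and the hit labels are constructed for this example.
"""
from urllib.parse import urlsplit

# From the report's extracted config.
CONFIG_DOMAINS = ("knuzjh62.top", "morwye06.top")
PAYLOAD_URL = "http://sarjeb09.top/download.php?file=lv.exe"

# Constructed log lines for illustration (Zeek-like, tab separated).
SAMPLE_LOGS = [
    "dns\t10.0.0.5\tknuzjh62.top\tA",
    "dns\t10.0.0.5\twww.example.com\tA",
    "http\t10.0.0.5\tsarjeb09.top\tGET\t/download.php?file=lv.exe",
    "http\t10.0.0.6\tsarjeb09.top\tGET\t/index.html",
    "http\t10.0.0.7\tcdn.example.net\tGET\t/lib.js",
    "dns\t10.0.0.9\tmorwye06.top.\tA",
    "dns\t10.0.0.9\tnotknuzjh62.top\tA",
]


def _canon(host):
    """Lower-case and strip a trailing dot (DNS logs often keep the root dot)."""
    return host.lower().rstrip(".")


def host_matches(host, indicator):
    """Exact match or subdomain of the indicator; never a bare substring match."""
    host, indicator = _canon(host), _canon(indicator)
    return host == indicator or host.endswith("." + indicator)


def classify(kind, host, uri, domains=CONFIG_DOMAINS, payload_url=PAYLOAD_URL):
    """Return a hit label for one log record, or None when nothing matches."""
    payload = urlsplit(payload_url)
    payload_uri = payload.path + ("?" + payload.query if payload.query else "")
    if any(host_matches(host, d) for d in domains):
        return "config_domain"
    if host_matches(host, payload.hostname):
        # Same host as the payload URL; the full URI is the stronger signal.
        if kind == "http" and uri == payload_uri:
            return "payload_url"
        return "payload_host"
    return None


def scan_logs(lines, **kw):
    """Run classify() over raw log lines and collect the hits."""
    hits = []
    for line in lines:
        fields = line.rstrip("\n").split("\t")
        if len(fields) < 3:
            continue  # malformed record, skip it rather than crash
        kind, src, host = fields[0], fields[1], fields[2]
        uri = fields[4] if kind == "http" and len(fields) > 4 else None
        label = classify(kind, host, uri, **kw)
        if label:
            hits.append({"src": src, "host": _canon(host), "kind": kind, "hit": label})
    return hits


if __name__ == "__main__":
    for h in scan_logs(SAMPLE_LOGS):
        print(h)
```

The subdomain rule in host_matches is deliberate: a record for notknuzjh62.top must not fire, while api.knuzjh62.top should, and a trailing root dot in a DNS log must not hide a match.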
Signatures
- CryptBot payload (4 IoCs)
  YARA rule hits, by resource:
  behavioral2/memory/4340-2-0x0000000004150000-0x00000000041F0000-memory.dmp    family_cryptbot
  behavioral2/memory/4340-3-0x0000000000400000-0x0000000002406000-memory.dmp    family_cryptbot
  behavioral2/memory/4340-208-0x0000000000400000-0x0000000002406000-memory.dmp  family_cryptbot
  behavioral2/memory/4340-213-0x0000000004150000-0x00000000041F0000-memory.dmp  family_cryptbot
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs)
- Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Process 720783dc09fc172c0983eeb3b489564c.exe:
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString
- Suspicious use of FindShellTrayWindow (2 IoCs)
  PID 4340  720783dc09fc172c0983eeb3b489564c.exe (reported twice for the same process)
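Signature tables like the CryptBot payload memory hits and the processor-information registry IoCs above come out of a scraped report as one run-on line per table, which is awkward to feed into a hunt or a ticket. The parser below is an added example, not part of the Triage report or its tooling: it takes the two flattened rows exactly as they appear on this page, decodes the memory-dump names into PID, dump index and address range (so the region sizes can be read off directly), and normalizes the kernel-style \REGISTRY\MACHINE paths to HKLM form. The regular expressions and the dump naming scheme <task>/memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp are my assumptions from the rows shown here; the mapping of key paths to signature names uses only the two keys this page's signatures describe (CentralProcessor and the Uninstall key).

```python
"""Turn flattened Triage signature IoC lines into structured records.

Added example; not part of the Triage report. The two input strings are
copied from the report's "CryptBot payload" and "Checks processor
information in registry" signatures. The regular expressions are mine and
assume the dump naming scheme <task>/memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp.
"""
import re

# Copied from the report (flattened table rows).
YARA_TEXT = (
    "resource yara_rule "
    "behavioral2/memory/4340-2-0x0000000004150000-0x00000000041F0000-memory.dmp family_cryptbot "
    "behavioral2/memory/4340-3-0x0000000000400000-0x0000000002406000-memory.dmp family_cryptbot "
    "behavioral2/memory/4340-208-0x0000000000400000-0x0000000002406000-memory.dmp family_cryptbot "
    "behavioral2/memory/4340-213-0x0000000004150000-0x00000000041F0000-memory.dmp family_cryptbot"
)
REG_TEXT = (
    r"Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 "
    r"720783dc09fc172c0983eeb3b489564c.exe "
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString "
    r"720783dc09fc172c0983eeb3b489564c.exe"
)

YARA_HIT = re.compile(
    r"(?P<task>\w+)/memory/(?P<pid>\d+)-(?P<n>\d+)"
    r"-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp\s+(?P<rule>\S+)"
)
# Only the two operations that appear on this page are recognised.
REG_IOC = re.compile(
    r"(?P<op>Key opened|Key value queried)\s+(?P<path>\\REGISTRY\\\S+)\s+(?P<proc>\S+)"
)

HIVES = {"\\REGISTRY\\MACHINE\\": "HKLM\\", "\\REGISTRY\\USER\\": "HKU\\"}

# Key fragments the report's own signatures describe, used to label an IoC.
SIGNATURE_PATHS = {
    "HKLM\\HARDWARE\\DESCRIPTION\\SYSTEM\\CENTRALPROCESSOR": "Checks processor information in registry",
    "\\CURRENTVERSION\\UNINSTALL": "Checks installed software on the system",
}


def parse_yara_hits(text):
    """One dict per memory-dump hit, with the address range decoded and sized."""
    hits = []
    for m in YARA_HIT.finditer(text):
        start, end = int(m["start"], 16), int(m["end"], 16)
        hits.append({"task": m["task"], "pid": int(m["pid"]), "dump": int(m["n"]),
                     "start": start, "end": end, "size": end - start, "rule": m["rule"]})
    return hits


def distinct_regions(hits):
    """Sorted unique (start, end) ranges; repeated dumps of one region collapse."""
    return sorted({(h["start"], h["end"]) for h in hits})


def normalize_key(path):
    """Rewrite the kernel-style \\REGISTRY\\MACHINE\\... form as HKLM\\... (HKU for users)."""
    for prefix, hive in HIVES.items():
        if path.upper().startswith(prefix):
            return hive + path[len(prefix):]
    return path


def parse_registry_iocs(text):
    """One dict per registry IoC, with the key normalised and a signature label if known."""
    out = []
    for m in REG_IOC.finditer(text):
        key = normalize_key(m["path"])
        label = next((v for k, v in SIGNATURE_PATHS.items() if k in key.upper()), None)
        out.append({"op": m["op"], "key": key, "process": m["proc"], "signature": label})
    return out


if __name__ == "__main__":
    for h in parse_yara_hits(YARA_TEXT):
        print(f"pid {h['pid']} dump {h['dump']:>3} 0x{h['start']:x}-0x{h['end']:x} "
              f"({h['size'] // 1024} KiB) {h['rule']}")
    for r in parse_registry_iocs(REG_TEXT):
        print(f"{r['op']:<18} {r['key']}  [{r['signature']}]")
```

Run stand-alone it prints the four hits as two distinct regions (0xA0000 and 0x2006000 bytes, each dumped twice) and the two CentralProcessor key accesses labelled with the signature they belong to; the on-disk size from the General section (624KB) is the natural number to put next to those region sizes when triaging.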
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 38KB
  MD5: 6b61bcf72bf18e4dbdeb9234894cbba8
  SHA1: db58eb673791f46dc80f129b9c25a84aa887da2b
  SHA256: 39526454077167ac85b958827432ba7f4a816490098c52f1f66c760676851dab
  SHA512: 214ec8035098e5fcc218663e325f0eb828bc6c016fefd1ccb7a597078e2f15be219f822975e1dfe553881144bcdab8d822e82710324c0ca4e5e1e2a2cfe8bcd3
- Filesize: 38KB
  MD5: edab6b8368454d0dd2f26cea56985912
  SHA1: b63f75be394e14aee31d8abde887efca19c233af
  SHA256: 50abaa96a85d33bb2880662457b053ffe57b41db118139f1eea34296800da154
  SHA512: 9beb2d17b9f55b06e2984c2041234629c3d5efc7837a9dd638708f7c6cfe9532c8d98cc006b9642167c0d52ec0a956651df8e43e25b1eeed5a894b44ebd4420f
- Filesize: 1KB
  MD5: ed9142ba627a4d40df81a9e7dccaaefc
  SHA1: b446f953721d4b73dce5db9ccdcf8ee7054b9d8b
  SHA256: 5f6be384beaa5a3d6d83f1ac8cf92e0e50fd6e84920d8ece77034aafd7bebb74
  SHA512: 3a16d2e317425fd82cd91c4a64e2cadcf36b3cc880332830f395405608e5bfab255cfa4b1c1aa7b086f4fc38419b7d567f2838bbc3fdcea409868cbc01cc64ab
- Filesize: 3KB
  MD5: ba2b2acce6f4bff98b95766aefa122ab
  SHA1: 032778f3d31eade9d91b3244270c8b75b400c77d
  SHA256: e8934a028d9dec40f09c7035d8acc7ea1d93ea5f70f5b1c1ed2ae62c24bf1a21
  SHA512: 15ebc245485785e6c64727ca5da8928f4cd87ff7be17f2bff4cfa10e344927bff27e8aa88e2107f7237f92a7a176fdd6db05b0d3c027250695ea43952a6b22d6
- Filesize: 4KB
  MD5: b2caf3322b8ca46205b66428ebaf62ef
  SHA1: d7aec95ed2567ed3d924f9636757715c4747973c
  SHA256: 36c3fead154607ca32f98f5aab64bd8143bf1db7b7f8bde57d08045ac1b541ea
  SHA512: 488d3bf6d2ff28d2a382afb5afa8eca22587b7191e05bd787e0687d8f5b20bb495e4cf886b228cd9df100cd5b13fc84decbfc80925600ac4792790a2a745176f
- Filesize: 44KB
  MD5: 97c23900391c2b430dcc9ba0a0b23053
  SHA1: 9a1037d14f4a6d5bc736cf7673bd3e4d98c650b5
  SHA256: 18ea6f7e1efd00fd86ca385c9776c302ca7a13a37d2d6107c7665ad3f7b95830
  SHA512: 9b3a07fc6569b717135d849129b4e5df49675ce4e56cb1fdc37d31e76f088725dc5db1e176ffa7e5d87de07d109d295390c3347770ee36b531f00addb22b96a9
- Filesize: 1KB
  MD5: 59f9354fd11aa5760597228093613520
  SHA1: 78e0046c41aab5aae8fcc6c169a946458277ff74
  SHA256: a2dacb518067b1a190a02ea8b94d3690f8435561404cc103c81cdcb0165ea56f
  SHA512: 78672f14b8a9cf196901a8169d7d035ea87682e1dee87b24d48f47bb6dfc8ee16296c6c6cb1ddba142eca5a6f7d91cc0da8a37802dbe5cba253789d3bbe72fac
- Filesize: 2KB
  MD5: f693488194e528fb3ed1055c4d446e83
  SHA1: 854ae5b11303ad3acb57b81cd0a5e80a450ec06d
  SHA256: 3309043d4ecd26df4e583ac784ae16f0735cdfd495106dde3ccbc25567a7d83d
  SHA512: e4f3e761026d364443bb5550e7cbf0503abab191d1b242f80607105230846642bfe0e8d34891978db88499771a85dd70d202bb431c55d057a479422054ed2976
- Filesize: 4KB
  MD5: d633532be5085bad69cacd15e794d0ab
  SHA1: e596e1b1974c53335cbb61504558255b6f36553b
  SHA256: 47223e2779f0129de8e0d92733cf907c1e26e701485846abeae24ba2b882c1b1
  SHA512: 3ab8802108ae208a43235266e779d627ab7891bee04ea875afc594939cbc2a625c94d8d4d5464a3b33a660125e0bde26edf250556826babedce02b206883bcc3