7829fd09ab10f4a1a2d5607d0aba69931d1b8ec68f1d95607af34ffaf80691b8

Analysis

max time kernel
1199s
max time network
1205s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/01/2024, 14:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7829fd09ab10f4a1a2d5607d0aba69931d1b8ec68f1d95607af34ffaf80691b8.exe
Size

15.4MB
MD5

48960927f906cbe23a79dc61ff0a2fea
SHA1

62ab60890776f8c0188253c61c59706ca5046950
SHA256

7829fd09ab10f4a1a2d5607d0aba69931d1b8ec68f1d95607af34ffaf80691b8
SHA512

3e2d0e487d9138eaedc0529f4c98cb96635886133ce3020af55175a3ca9e3d5bdf81dfcf5c89e54abc916cdf79cbc44c371ff6014f2fad1fd92c9b7c2d05afb4
SSDEEP

393216:bZnIdQ+TOgj/C5oo4162qc1kqzp99v93UUxRz:bjQScqwkqTp93UUxV

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2616	BraveBrowserSetup.exe
368	dexket.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

GoLang User-Agent 7 IoCs

Uses default user-agent string defined by GoLang HTTP packages.

description	flow	ioc
HTTP User-Agent header	65	Go-http-client/1.1
HTTP User-Agent header	66	Go-http-client/1.1
HTTP User-Agent header	11	Go-http-client/1.1
HTTP User-Agent header	46	Go-http-client/1.1
HTTP User-Agent header	48	Go-http-client/1.1
HTTP User-Agent header	55	Go-http-client/1.1
HTTP User-Agent header	64	Go-http-client/1.1

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2616	BraveBrowserSetup.exe
2616	BraveBrowserSetup.exe
2616	BraveBrowserSetup.exe
2616	BraveBrowserSetup.exe
2616	BraveBrowserSetup.exe
2616	BraveBrowserSetup.exe
2616	BraveBrowserSetup.exe
2616	BraveBrowserSetup.exe
2616	BraveBrowserSetup.exe
2616	BraveBrowserSetup.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 1492 wrote to memory of 2616	1492	7829fd09ab10f4a1a2d5607d0aba69931d1b8ec68f1d95607af34ffaf80691b8.exe	88
PID 1492 wrote to memory of 2616	1492	7829fd09ab10f4a1a2d5607d0aba69931d1b8ec68f1d95607af34ffaf80691b8.exe	88
PID 1492 wrote to memory of 368	1492	7829fd09ab10f4a1a2d5607d0aba69931d1b8ec68f1d95607af34ffaf80691b8.exe	90
PID 1492 wrote to memory of 368	1492	7829fd09ab10f4a1a2d5607d0aba69931d1b8ec68f1d95607af34ffaf80691b8.exe	90
PID 1492 wrote to memory of 368	1492	7829fd09ab10f4a1a2d5607d0aba69931d1b8ec68f1d95607af34ffaf80691b8.exe	90

C:\Users\Admin\AppData\Local\Temp\7829fd09ab10f4a1a2d5607d0aba69931d1b8ec68f1d95607af34ffaf80691b8.exe
"C:\Users\Admin\AppData\Local\Temp\7829fd09ab10f4a1a2d5607d0aba69931d1b8ec68f1d95607af34ffaf80691b8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1492
- C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup.exe
  "C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2616
- C:\Users\Admin\AppData\Local\Temp\dexket.exe
  "C:\Users\Admin\AppData\Local\Temp\dexket.exe"
  2⤵
  - Executes dropped EXE
  PID:368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup.exe

Filesize
832KB

MD5
33fc8a8c75368a000616475a11373233

SHA1
cfc9f54eed3d530023ef95386794235ab7b9f08c

SHA256
b4ac631007b21a89696e92d83ef2b3e2458c94d7736c290c3073fbf1049978da

SHA512
7d314ec4ec5a0eea2edf7905fa2db94b863942bba100fbf8d63b8d4bb9506fe9a706dd0eb3065b579cb01c56ba49f65bd5df97aabbcb3f2025fc9d342ccaf7f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup.exe

Filesize
250KB

MD5
5014fa8b9a0ade49dedf5aacec56c40a

SHA1
f08df78eec3d3e1d5b4d98b65207a74ef05a17b3

SHA256
0083ffe5ceda4d0c0168110d4e5782e72213c7ca384cf1dc87e7311a19023839

SHA512
27ebd6709d700bdb89623232cbd0ec62c501fdd9cd5177d80a71a180e106e31d636753efd44e3490a181e3c93f4ed0bbf14e0ebfaa65dea1805b59fb9c180e4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\dexket.exe

Filesize
196KB

MD5
9863704ffd3b84254ce254fd176a4750

SHA1
4c3dd165e776aea4fcb4b1bcb8a1ff3d436da2ac

SHA256
626433b81657707cc539a53dff408171d60618e5a4d1cf8f307a5ba5dbc17aaf

SHA512
36cdb9e81d567fe9fdf871d627fd3486c6c9dc514907f14abdf35a61a9d349663aa0598cdf6a85a8ec4e73b6f8337c9397028ff260058974f2a136c235caa674

Download Submit
C:\Users\Admin\AppData\Local\Temp\dexket.exe

Filesize
229KB

MD5
fcca5b3a155cb513d7017ca600a94398

SHA1
a09344f2bb55684a699afac503ba5a318750449f

SHA256
694b4cf964a8b20c50ad67e15ae439350b3e7cbb5b50a022407c15e02d89f72e

SHA512
eb2415c3adcac9c5204d3178c586d74ae7e6a6f7323695264e9b7f5724eb10900c13bf44970b31c6ff1f2b40b89604f124ac1c01d5def993b189ad222fcc2c5a

Download Submit
memory/368-51-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-86-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-18-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-105-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-104-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-102-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-19-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-20-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-21-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-22-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-23-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-101-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-100-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-99-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-60-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-97-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-96-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-95-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-42-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-44-0x0000000002170000-0x00000000024FE000-memory.dmp

Filesize
3.6MB

Download
memory/368-46-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-47-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-16-0x0000000002170000-0x00000000024FE000-memory.dmp

Filesize
3.6MB

Download
memory/368-52-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-17-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-98-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-83-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-65-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-68-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-69-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-74-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-75-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-77-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-80-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-81-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-61-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-85-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-57-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-87-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-92-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/368-94-0x0000000000D10000-0x00000000018FE000-memory.dmp

Filesize
11.9MB

Download
memory/2616-41-0x000002979C850000-0x000002979C982000-memory.dmp

Filesize
1.2MB

Download
memory/2616-40-0x00007FF741720000-0x00007FF741A86000-memory.dmp

Filesize
3.4MB

Download
memory/2616-12-0x00007FF741720000-0x00007FF741A86000-memory.dmp

Filesize
3.4MB

Download
memory/2616-11-0x00007FF741720000-0x00007FF741A86000-memory.dmp

Filesize
3.4MB

Download
memory/2616-10-0x00007FF741720000-0x00007FF741A86000-memory.dmp

Filesize
3.4MB

Download
memory/2616-7-0x00007FF741720000-0x00007FF741A86000-memory.dmp

Filesize
3.4MB

Download
memory/2616-9-0x00007FF741720000-0x00007FF741A86000-memory.dmp

Filesize
3.4MB

Download
memory/2616-8-0x00007FF741720000-0x00007FF741A86000-memory.dmp

Filesize
3.4MB

Download
memory/2616-4-0x000002979C850000-0x000002979C982000-memory.dmp

Filesize
1.2MB

Download
memory/2616-5-0x00007FF741720000-0x00007FF741A86000-memory.dmp

Filesize
3.4MB

Download