7829fd09ab10f4a1a2d5607d0aba69931d1b8ec68f1d95607af34ffaf80691b8

Analysis

max time kernel
1193s
max time network
1191s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
24/01/2024, 14:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7829fd09ab10f4a1a2d5607d0aba69931d1b8ec68f1d95607af34ffaf80691b8.exe
Size

15.4MB
MD5

48960927f906cbe23a79dc61ff0a2fea
SHA1

62ab60890776f8c0188253c61c59706ca5046950
SHA256

7829fd09ab10f4a1a2d5607d0aba69931d1b8ec68f1d95607af34ffaf80691b8
SHA512

3e2d0e487d9138eaedc0529f4c98cb96635886133ce3020af55175a3ca9e3d5bdf81dfcf5c89e54abc916cdf79cbc44c371ff6014f2fad1fd92c9b7c2d05afb4
SSDEEP

393216:bZnIdQ+TOgj/C5oo4162qc1kqzp99v93UUxRz:bjQScqwkqTp93UUxV

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3580	BraveBrowserSetup.exe
4556	dexket.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

GoLang User-Agent 1 IoCs

Uses default user-agent string defined by GoLang HTTP packages.

description	flow	ioc
HTTP User-Agent header	3	Go-http-client/1.1

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3580	BraveBrowserSetup.exe
3580	BraveBrowserSetup.exe
3580	BraveBrowserSetup.exe
3580	BraveBrowserSetup.exe
3580	BraveBrowserSetup.exe
3580	BraveBrowserSetup.exe
3580	BraveBrowserSetup.exe
3580	BraveBrowserSetup.exe
3580	BraveBrowserSetup.exe
3580	BraveBrowserSetup.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 3640 wrote to memory of 3580	3640	7829fd09ab10f4a1a2d5607d0aba69931d1b8ec68f1d95607af34ffaf80691b8.exe	78
PID 3640 wrote to memory of 3580	3640	7829fd09ab10f4a1a2d5607d0aba69931d1b8ec68f1d95607af34ffaf80691b8.exe	78
PID 3640 wrote to memory of 4556	3640	7829fd09ab10f4a1a2d5607d0aba69931d1b8ec68f1d95607af34ffaf80691b8.exe	79
PID 3640 wrote to memory of 4556	3640	7829fd09ab10f4a1a2d5607d0aba69931d1b8ec68f1d95607af34ffaf80691b8.exe	79
PID 3640 wrote to memory of 4556	3640	7829fd09ab10f4a1a2d5607d0aba69931d1b8ec68f1d95607af34ffaf80691b8.exe	79

C:\Users\Admin\AppData\Local\Temp\7829fd09ab10f4a1a2d5607d0aba69931d1b8ec68f1d95607af34ffaf80691b8.exe
"C:\Users\Admin\AppData\Local\Temp\7829fd09ab10f4a1a2d5607d0aba69931d1b8ec68f1d95607af34ffaf80691b8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3640
- C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup.exe
  "C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3580
- C:\Users\Admin\AppData\Local\Temp\dexket.exe
  "C:\Users\Admin\AppData\Local\Temp\dexket.exe"
  2⤵
  - Executes dropped EXE
  PID:4556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup.exe

Filesize
2.1MB

MD5
9a45efb9677b782c9b9d4cf515f782cf

SHA1
348ea4242dbfba65daa1f8e6c8561641f927ddff

SHA256
a05f37aaf82d576ff766cbc747161a17875a64c238ecebd455832ccd71a342d8

SHA512
76021c18303f7ec4ac0a9557d998d560b0f2b359e9096633c73889bc28b12ea2310aefd909a370dabbf5a44e6396df4893a597fbecc0d6fee3c39d94dcc62fa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup.exe

Filesize
1.9MB

MD5
d680d2917481bfd262122e7b29decf12

SHA1
a7df7d8e4e8071b979972c3976a54a908f6bbe94

SHA256
a21539d8bc802b65960dec0c16ca42d00394228288711442b49e9186665e164e

SHA512
bc11b43a46936640a9a207a55cdd5f6e63ab9b97b608ffdab6c999642d30b3f8ce0a2aec0560bb340a691cacaa04f3a8232c74fa219de97ecad4d33b696a20cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\dexket.exe

Filesize
767KB

MD5
8dc02ce7893fb2e72ddb834bd5c58269

SHA1
8c9e415d9610f93961458c5b4aab11aa0c8a1869

SHA256
1ad42c95ea1348c39f92fb798e28e3643f6121c1d83367f271290e3712876a6a

SHA512
b388938b3a055213a235f97920656b51239dffdfc73fb5ae9f06e5c7864a10fed90633f3a5efb15c429b42f058bff452fa71d585e4886da24fd176c59009d48a

Download Submit
C:\Users\Admin\AppData\Local\Temp\dexket.exe

Filesize
748KB

MD5
e65a2f243100c85f6385fe37c10b8e80

SHA1
c2f104a583c35512e3c1ed031126f032b72587c6

SHA256
3814beca3926f534b392474bd608dd49d53a1dbcf487a7e17f4b96803c2dbe68

SHA512
0ad6cd7056af044dcf2130573511fff727a77efbc398b89209fad6373635e5cd4c8c60556fcf943fa4a3bd0d3fafb51aa88aeb3bbc2faf67ec787602cf840a2c

Download Submit
memory/3580-5-0x00007FF68F4E0000-0x00007FF68F846000-memory.dmp

Filesize
3.4MB

Download
memory/3580-7-0x00007FF68F4E0000-0x00007FF68F846000-memory.dmp

Filesize
3.4MB

Download
memory/3580-8-0x00007FF68F4E0000-0x00007FF68F846000-memory.dmp

Filesize
3.4MB

Download
memory/3580-4-0x000001F5FEAA0000-0x000001F5FEBD2000-memory.dmp

Filesize
1.2MB

Download
memory/3580-9-0x00007FF68F4E0000-0x00007FF68F846000-memory.dmp

Filesize
3.4MB

Download
memory/3580-10-0x00007FF68F4E0000-0x00007FF68F846000-memory.dmp

Filesize
3.4MB

Download
memory/3580-11-0x00007FF68F4E0000-0x00007FF68F846000-memory.dmp

Filesize
3.4MB

Download
memory/3580-12-0x00007FF68F4E0000-0x00007FF68F846000-memory.dmp

Filesize
3.4MB

Download
memory/3580-40-0x00007FF68F4E0000-0x00007FF68F846000-memory.dmp

Filesize
3.4MB

Download
memory/3580-42-0x00007FF68F4E0000-0x00007FF68F846000-memory.dmp

Filesize
3.4MB

Download
memory/4556-52-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-61-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-18-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-19-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-20-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-21-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-22-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-23-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-41-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-44-0x0000000002440000-0x00000000027CE000-memory.dmp

Filesize
3.6MB

Download
memory/4556-45-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-46-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-47-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-49-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-50-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-51-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-16-0x0000000002440000-0x00000000027CE000-memory.dmp

Filesize
3.6MB

Download
memory/4556-53-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-55-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-56-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-57-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-58-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-59-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-17-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-62-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-64-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-65-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-67-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-68-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-70-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-71-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-72-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-74-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-75-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-76-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-77-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-78-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-80-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-81-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-82-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-83-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-84-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-86-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-87-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-88-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-89-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-90-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download
memory/4556-92-0x0000000000DD0000-0x00000000019BE000-memory.dmp

Filesize
11.9MB

Download