Overview

overview

10

Static

static

3

750b85baa4...e8.exe

windows7-x64

8

750b85baa4...e8.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 17:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    750b85baa48747ac878a18335738e0e8.exe

  • Size

    264KB

  • MD5

    750b85baa48747ac878a18335738e0e8

  • SHA1

    c99f4871b5e57ca5d465ac164a844f21428f18ac

  • SHA256

    2724f3b0539c56d0e63c2f4af9a96ec16b8469ff1bf18e67035d5283619b2f3d

  • SHA512

    e5945c5a1887eb96363882ea17e23aa70f83ac273c7d5d9bdb111db787e3b4d76757182f6455689a3b53ea908491f1d812571f21ee38a25447cf4ed8ca8780e7

  • SSDEEP

    3072:1qli58fVgw9rFxEY7gQzBMqbGQ1v8hQqB+I7pvKboaksHECrIn:B8fGw9UY7gWyQqB+I7A07sHEiIn

Score
8/10
evasionspywarestealertrojan

Malware Config

Signatures

  • Disables RegEdit via registry modification 1 IoCs
    evasion
  • Disables Task Manager via registry modification
    evasion
  • Modifies Windows Firewall 2 TTPs 1 IoCs
    evasion
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 34 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\750b85baa48747ac878a18335738e0e8.exe
    "C:\Users\Admin\AppData\Local\Temp\750b85baa48747ac878a18335738e0e8.exe"
    1⤵
    • Disables RegEdit via registry modification
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1992
    • C:\Windows\system32\netsh.exe
      "netsh.exe" firewall set opmode disable
      2⤵
      • Modifies Windows Firewall
      PID:2888

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1992-0-0x0000000001F10000-0x0000000001F44000-memory.dmp
    Filesize

    208KB

    Download
  • memory/1992-2-0x0000000001F50000-0x0000000001FD0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1992-1-0x000007FEF5F10000-0x000007FEF68AD000-memory.dmp
    Filesize

    9.6MB

    Download
  • memory/1992-3-0x000007FEF5F10000-0x000007FEF68AD000-memory.dmp
    Filesize

    9.6MB

    Download
  • memory/1992-4-0x0000000001F50000-0x0000000001FD0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1992-6-0x0000000001F50000-0x0000000001FD0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1992-8-0x0000000001F50000-0x0000000001FD0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1992-9-0x0000000001F50000-0x0000000001FD0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1992-10-0x000007FEF5F10000-0x000007FEF68AD000-memory.dmp
    Filesize

    9.6MB

    Download
  • memory/1992-11-0x0000000001F50000-0x0000000001FD0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1992-12-0x0000000001F50000-0x0000000001FD0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1992-13-0x0000000001F50000-0x0000000001FD0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1992-14-0x0000000001F50000-0x0000000001FD0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1992-15-0x0000000001F50000-0x0000000001FD0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1992-16-0x0000000001F50000-0x0000000001FD0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1992-17-0x0000000001F50000-0x0000000001FD0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1992-18-0x0000000001F50000-0x0000000001FD0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1992-19-0x0000000001F50000-0x0000000001FD0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1992-20-0x0000000001F50000-0x0000000001FD0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1992-21-0x0000000001F50000-0x0000000001FD0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1992-22-0x0000000001F50000-0x0000000001FD0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1992-23-0x0000000001F50000-0x0000000001FD0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1992-24-0x0000000001F50000-0x0000000001FD0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1992-25-0x0000000001F50000-0x0000000001FD0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1992-26-0x0000000001F50000-0x0000000001FD0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1992-27-0x0000000001F50000-0x0000000001FD0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1992-28-0x0000000001F50000-0x0000000001FD0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1992-29-0x0000000001F50000-0x0000000001FD0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1992-30-0x0000000001F50000-0x0000000001FD0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1992-31-0x0000000001F50000-0x0000000001FD0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1992-32-0x0000000001F50000-0x0000000001FD0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1992-33-0x0000000001F50000-0x0000000001FD0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1992-34-0x0000000001F50000-0x0000000001FD0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1992-35-0x0000000001F50000-0x0000000001FD0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1992-36-0x0000000001F50000-0x0000000001FD0000-memory.dmp
    Filesize

    512KB

    Download