804d8cb42f745b51b6919eb99d7a3ce01a70e76f0e5993da9291d00198629670

Analysis

max time kernel
141s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 17:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7511f6af8a095ab9a56ede74d91aca3a.exe
Size

1.1MB
MD5

7511f6af8a095ab9a56ede74d91aca3a
SHA1

6af4847052a33f8a8a80c34dd55d54c06ee7e62d
SHA256

804d8cb42f745b51b6919eb99d7a3ce01a70e76f0e5993da9291d00198629670
SHA512

83d8d63e89ffbe86bffcc247e4aeb30755e0b48cdda6315ecdc7d484ca0018b5b48000617e962ff0fc7031cec832ee5bdfa82eb8f1194090ef9fd715c41617fb
SSDEEP

24576:SFt+pJJ0bSiGKHLF8n6EWns+KU6jez1aYvT998rwBLQ:SfsJASiGKre6o+KHjY1JT991BL

Score

7^/10

spyware stealer

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

7511f6af8a095ab9a56ede74d91aca3a.exe

pid process

2644 7511f6af8a095ab9a56ede74d91aca3a.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Drops file in Program Files directory 1 IoCs

Processes:

7511f6af8a095ab9a56ede74d91aca3a.exe

description ioc process

File created C:\PROGRA~2\is259408758.log 7511f6af8a095ab9a56ede74d91aca3a.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2600 2644 WerFault.exe 7511f6af8a095ab9a56ede74d91aca3a.exe

pid	process
2644	7511f6af8a095ab9a56ede74d91aca3a.exe

description	ioc	process
File created	C:\PROGRA~2\is259408758.log	7511f6af8a095ab9a56ede74d91aca3a.exe

pid	pid_target	process	target process
2600	2644	WerFault.exe	7511f6af8a095ab9a56ede74d91aca3a.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

7511f6af8a095ab9a56ede74d91aca3a.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	7511f6af8a095ab9a56ede74d91aca3a.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

7511f6af8a095ab9a56ede74d91aca3a.exe

pid process

2644 7511f6af8a095ab9a56ede74d91aca3a.exe
2644 7511f6af8a095ab9a56ede74d91aca3a.exe

pid	process
2644	7511f6af8a095ab9a56ede74d91aca3a.exe
2644	7511f6af8a095ab9a56ede74d91aca3a.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

7511f6af8a095ab9a56ede74d91aca3a.exe

description	pid	process	target process
PID 2644 wrote to memory of 2600	2644	7511f6af8a095ab9a56ede74d91aca3a.exe	WerFault.exe
PID 2644 wrote to memory of 2600	2644	7511f6af8a095ab9a56ede74d91aca3a.exe	WerFault.exe
PID 2644 wrote to memory of 2600	2644	7511f6af8a095ab9a56ede74d91aca3a.exe	WerFault.exe
PID 2644 wrote to memory of 2600	2644	7511f6af8a095ab9a56ede74d91aca3a.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\7511f6af8a095ab9a56ede74d91aca3a.exe
"C:\Users\Admin\AppData\Local\Temp\7511f6af8a095ab9a56ede74d91aca3a.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 1440
2⤵
- Program crash
PID:2600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ish259407604\bootstrap_52079.html
Filesize
156B

MD5
1ea9e5b417811379e874ad4870d5c51a

SHA1
a4bd01f828454f3619a815dbe5423b181ec4051c

SHA256
f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

SHA512
965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259407604\css\buttons.css
Filesize
1KB

MD5
63e5607b6ca179f4022438b4c1ebb8cd

SHA1
3a51b4c95b4210058242ec0f3025cc28cec16cf6

SHA256
86c77fbf9666fae956c11a2711fe2596a03443aeb935bdc430509741cf43e530

SHA512
47d51c36a0482c0359282a9c42c3f3380fbcdbd4ce904b0bd3edcd43cbcbf4e694e6ae4ed513f4aabb4d21063bb7e54fbc1953874bd18cde2aec5477f80da502

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259407604\css\main.css
Filesize
3KB

MD5
36d758d229dfe18de95fa25465c89d18

SHA1
bd7b2561987bad2e273d85061c22d5d1206d4335

SHA256
769684e8dfc949d912dd47920781eb055e077453298103a2ebf3e93b2eb38e38

SHA512
f1e4653cbde2654479ad1ef322d9a3f6bda956f6d74918513bd377f997fe4b80d81a5fe594e1e7d94aae52b613f74a2451b09ecf6465654b2641828b7645133b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259407604\css\sdk-ui\browse.css
Filesize
318B

MD5
10c359bc980927bb66b215407ece3e66

SHA1
4a2fc034bf7b4e84d832b6bbd9413d2055b9ec62

SHA256
5b12769a75d1c755a284a73e1b8422f73d6223c23b72e5bce698c17f50185aa8

SHA512
ed707c6bbf5023aa147571d9d186e8348b11da6fb462de69e4135480f2e10081c416c80745411752797401660221e2040e624b5a6d3e1a57ba59cdcc009eb16c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259407604\css\sdk-ui\button.css
Filesize
417B

MD5
37e1ff96e084ec201f0d95feef4d5e94

SHA1
4ec405f2668d5d93260525ad916abafa2414cb72

SHA256
8e806f5b94fc294e918503c8053ef1284e4f4b1e02c7da4f4635e33ec33e0534

SHA512
1a8a27a92abe35edaa2c950b130579c92f0d0d87b09971843c39569cf06d407b8e896751e73452676bfad45a363f0b6dd00cb6c5faf33966880539e106b19f94

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259407604\css\sdk-ui\checkbox.css
Filesize
190B

MD5
64773c6b0e3413c81aebc46cce8c9318

SHA1
50f84ef8331341b48981af82313b146863eba526

SHA256
b09504c1bf0486d3ec46500592b178a3a6c39284672af8815c3687cc3d29560d

SHA512
03e96bef74c0b3a31124c3d3c1bb78af1053a8719ca373c6b9316d63bac9545c1f4ecc2d747eb64341d8da31bc0f23da094e19c3e07ed46f65c28dc88e13bd3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259407604\css\sdk-ui\progress-bar.css
Filesize
458B

MD5
f047788b88f4dace0e828635437e565f

SHA1
159d7a6b7563e4e4756796a83a4c019b3862d86d

SHA256
2264c4f20115e93ea2d609e7bc088cb82f0947bc41e65c6cf546e2cabf5f48d7

SHA512
a61be4cbeb5ce48263b60d75a07c4614973203b76918d0489f31dd147c8b1a57340189f12a92b98b2ab7365849b12d31f694a6931c90b55b8a336a5990a34790

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259407604\images\back.png
Filesize
991B

MD5
8a99e16e48ab5bfd0084ccd49281b036

SHA1
ab40545bb33ab2bad0891d3b71c3f618a916cb1d

SHA256
e44a2c233a1b29a6cb3bdd5955dece4ddd1e7497d3529bb55add8da124ad3fef

SHA512
f8b5fd65300cfd1f7554e381d0a3313ce8611aa092b44322c1b59ebc145e915707825f0fcf8e2e979ef6464df713db4d3897f4624f5ab9d777d4f8c4c5ef95cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259407604\images\bg.png
Filesize
63KB

MD5
674ebeb11c056b0cdf01802020b8b41a

SHA1
16fba8a46be739be737fcce768021a83142dc7eb

SHA256
b2f6875b12c8d4d583f93380c34babc18bb027cb15ed4e8a39bfbb5d9848f0b7

SHA512
71a826aca996b7db61a23e3011d4b3d9e61469f82620e6c0b08b1c85492d81da0d151d4c9aac6b3c168b53f0e4314bc2af6d5949c1e579f062f2697ae86be40b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259407604\images\close.png
Filesize
1KB

MD5
60e7a3f760637dd125a1150474e7f6bb

SHA1
46e4b53480dd7b3db532e3511a7ad3b9e99b2f48

SHA256
d244e6d623fb3706340ead5491bb61663e5d53a3f7d96d4b613175c875c42184

SHA512
d279b197d330c4fe7de5e891b45e60273b603d58c84a502461ba2edf008ed51e6bcfd8768a74ee95bc9558bcbe8294f9f759c188327f7c54b1483d1072b32268

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259407604\images\icon.png
Filesize
5KB

MD5
45d8e7f1e721db59eca3dc36e932bf8b

SHA1
974fbb730c8c1ae66c6187f99d887f44d8a77a56

SHA256
f8cfaea0b23c976a4e7a67ffe79dd82210c5fea7d6eba2383a3cc33f8802ae05

SHA512
85b671dc81758977e5f807af91333573e1733ce8ca6721100dbe8538a481d8811d6d36754517948ff6a5ad984bb5ed0724790f43ba30dafdafb8c94735e249bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259407604\images\loader.gif
Filesize
21KB

MD5
360281e85620142c3329848262da263d

SHA1
032ae1e422af859d78d172e918573fb0f55318de

SHA256
6c7d0d5402ebcf34cb6280473b4dac5966aae2a4bdadf80c796245663e2d9b55

SHA512
48ea37754839abce73898d29c6cb1ede20ac980dcd0b8c0f1274a690ea0bb44659129aba7581bd473ab7a735b7b9d08d6d041973bced4fe3fc0b70b3a73ec2a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259407604\images\next.png
Filesize
1KB

MD5
a4987c1267f6e8361800aa3d2dc840a2

SHA1
6d428d5e9333f78ffb65f8ac3aab06c8915078a3

SHA256
1b7fffc6ecbde629472f7e1b534243f7f7da06a6f2fed082cf1c62b6b002e9d5

SHA512
5fc4a1619851dddb8e689cbb342570f3004a7e4c030c593ac361b55584cda6178b3ce6a4baeed810467e569c07587affde5180420d793eb380782f440b23660a

Download Submit
\Users\Admin\AppData\Local\Temp\ICReinstall_7511f6af8a095ab9a56ede74d91aca3a.exe
Filesize
1.1MB

MD5
7511f6af8a095ab9a56ede74d91aca3a

SHA1
6af4847052a33f8a8a80c34dd55d54c06ee7e62d

SHA256
804d8cb42f745b51b6919eb99d7a3ce01a70e76f0e5993da9291d00198629670

SHA512
83d8d63e89ffbe86bffcc247e4aeb30755e0b48cdda6315ecdc7d484ca0018b5b48000617e962ff0fc7031cec832ee5bdfa82eb8f1194090ef9fd715c41617fb

Download Submit
memory/2644-139-0x0000000000400000-0x0000000000518000-memory.dmp

Filesize
1.1MB

Download
memory/2644-1-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2644-138-0x0000000000400000-0x0000000000518000-memory.dmp

Filesize
1.1MB

Download
memory/2644-0-0x0000000000400000-0x0000000000518000-memory.dmp

Filesize
1.1MB

Download
memory/2644-140-0x0000000000400000-0x0000000000518000-memory.dmp

Filesize
1.1MB

Download
memory/2644-141-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2644-142-0x0000000000400000-0x0000000000518000-memory.dmp

Filesize
1.1MB

Download
memory/2644-143-0x0000000000400000-0x0000000000518000-memory.dmp

Filesize
1.1MB

Download
memory/2644-144-0x0000000000400000-0x0000000000518000-memory.dmp

Filesize
1.1MB

Download
memory/2644-145-0x0000000000400000-0x0000000000518000-memory.dmp

Filesize
1.1MB

Download