Overview

overview

10

Static

static

3

751f72c8da...c3.exe

windows7-x64

10

751f72c8da...c3.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 17:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    751f72c8da469f5b6b562698dc2f57c3.exe

  • Size

    591KB

  • MD5

    751f72c8da469f5b6b562698dc2f57c3

  • SHA1

    2db42618de80d2f43e27aa1fac5a7af8c0d702f9

  • SHA256

    19fe0e2a4195505e4414a206d346cdc01c9c4c879afaa502aae4706d11719452

  • SHA512

    43f193e58fa561e94a1b6786938e7cfb371924dd378cd276ef2c9ec65bb3c99b215f55a24445fd591c54d31c34c468a344cd5bb11064f0fb80c70bde52057b69

  • SSDEEP

    6144:dNUZhUpSFJLgGj9jv4oeEGRuYuSL9MQfXaxnY5n7Z2GtvWrLl5l:deZh6Y/eEAnuSOQIslnkl5l

Score
10/10
snakekeyloggerkeyloggerstealer

Malware Config

Signatures

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger
  • Snake Keylogger payload 7 IoCs
  • Looks up external IP address via web service 3 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\751f72c8da469f5b6b562698dc2f57c3.exe
    "C:\Users\Admin\AppData\Local\Temp\751f72c8da469f5b6b562698dc2f57c3.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1436
    • C:\Users\Admin\AppData\Local\Temp\751f72c8da469f5b6b562698dc2f57c3.exe
      "C:\Users\Admin\AppData\Local\Temp\751f72c8da469f5b6b562698dc2f57c3.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2584
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 1620
        3⤵
        • Program crash
        PID:3000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1436-0-0x0000000000DE0000-0x0000000000E7A000-memory.dmp

    Filesize

    616KB

    Download

  • memory/1436-1-0x00000000743D0000-0x0000000074ABE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1436-2-0x0000000000DA0000-0x0000000000DE0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1436-3-0x00000000004B0000-0x00000000004CC000-memory.dmp

    Filesize

    112KB

    Download

  • memory/1436-4-0x00000000743D0000-0x0000000074ABE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1436-5-0x0000000000DA0000-0x0000000000DE0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1436-6-0x0000000004280000-0x00000000042D0000-memory.dmp

    Filesize

    320KB

    Download

  • memory/1436-7-0x0000000000BF0000-0x0000000000C14000-memory.dmp

    Filesize

    144KB

    Download

  • memory/1436-21-0x00000000743D0000-0x0000000074ABE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2584-9-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2584-10-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2584-12-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2584-14-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2584-16-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2584-18-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2584-20-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2584-8-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2584-22-0x00000000743D0000-0x0000000074ABE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2584-23-0x00000000006D0000-0x0000000000710000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2584-24-0x00000000743D0000-0x0000000074ABE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2584-25-0x00000000006D0000-0x0000000000710000-memory.dmp

    Filesize

    256KB

    Download