70e289f768e9040468c23f6d5264778b6ab9453b3657b49eddfc3d4afc60807b

Analysis

max time kernel
93s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/01/2024, 08:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

76ddee60122f7f796b9366ba23368ad4.exe
Size

388KB
MD5

76ddee60122f7f796b9366ba23368ad4
SHA1

f010149f9cd6ce5f778d1c93d5e27c5e4a2ed936
SHA256

70e289f768e9040468c23f6d5264778b6ab9453b3657b49eddfc3d4afc60807b
SHA512

85255c188f1fa09cf506e7c046ea60fab597dccfca2e37d809d5270fa9668a15ca35ee02d88159c9f5190a0352d38288b86b6bd1905003eceb1cff6d9120835f
SSDEEP

6144:W805yHbwOUo6RwLfurlHiIsmyh5yCuCak3vSGo4cFpdc/eekNpoSHzee8:j05OyrfRHiXhquv7Ypdc/eeqpoSTee8

Score

7^/10

spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3600-0-0x0000000000E70000-0x0000000000FC0000-memory.dmp	upx
behavioral2/files/0x000a00000002315b-5.dat	upx
behavioral2/memory/3600-6-0x0000000000E70000-0x0000000000FC0000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3600 wrote to memory of 2848	3600	76ddee60122f7f796b9366ba23368ad4.exe	95
PID 3600 wrote to memory of 2848	3600	76ddee60122f7f796b9366ba23368ad4.exe	95
PID 3600 wrote to memory of 2848	3600	76ddee60122f7f796b9366ba23368ad4.exe	95

C:\Users\Admin\AppData\Local\Temp\76ddee60122f7f796b9366ba23368ad4.exe
"C:\Users\Admin\AppData\Local\Temp\76ddee60122f7f796b9366ba23368ad4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3600
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\984.bat
  2⤵
  PID:2848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\43349.exe

Filesize
388KB

MD5
76ddee60122f7f796b9366ba23368ad4

SHA1
f010149f9cd6ce5f778d1c93d5e27c5e4a2ed936

SHA256
70e289f768e9040468c23f6d5264778b6ab9453b3657b49eddfc3d4afc60807b

SHA512
85255c188f1fa09cf506e7c046ea60fab597dccfca2e37d809d5270fa9668a15ca35ee02d88159c9f5190a0352d38288b86b6bd1905003eceb1cff6d9120835f

Download Submit
C:\Users\Admin\AppData\Local\Temp\984.bat

Filesize
175B

MD5
498e6e8e3026f8b3b34719eba6963b4c

SHA1
cf03deb01bb3628cf5c228f7295402877cfe67f5

SHA256
e413de2831219702f2f5afbca3584d5fba092d3b3f63266f4eebadf421964d59

SHA512
a88cac3bf7b3545d731f6f5117b65446a6241a660acc010d00c5be876de806f99a235b096d0ddca437b15af330c2414f59554ab9f4a2d70e92a74ff091a377c1

Download Submit
memory/3600-0-0x0000000000E70000-0x0000000000FC0000-memory.dmp

Filesize
1.3MB

Download
memory/3600-6-0x0000000000E70000-0x0000000000FC0000-memory.dmp

Filesize
1.3MB

Download