Overview

overview

10

Static

static

3

7e52a8ea6d...2b.exe

windows7-x64

10

7e52a8ea6d...2b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    28-01-2024 23:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7e52a8ea6d5e74171fc139b8a44c4f2b.exe

  • Size

    519KB

  • MD5

    7e52a8ea6d5e74171fc139b8a44c4f2b

  • SHA1

    bb07e01794eab7d9691862c486519706f9520122

  • SHA256

    087463d769d4bacbde05c6c64d54123fc50148ef081f643b29cb057cd61771e8

  • SHA512

    787f48ff7a6cb9508d9d6b7bfc627dd279533c2b56aa1ccbbbe4c96e8ed5fd1f957047d819e3354c3a281dabade90a9115bc18b57fc9c476c2ee0fc78dd1377c

  • SSDEEP

    12288:XYONCsypxWpFogCZhsjMnw8opmAk8BDj/r1MywS/r3o:XRypxUoRigTobk8BDjhMy

Score
10/10
44caliberspywarestealer

Malware Config

Signatures

  • 44Caliber

    An open source infostealer written in C#.

    stealer44caliber
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7e52a8ea6d5e74171fc139b8a44c4f2b.exe
    "C:\Users\Admin\AppData\Local\Temp\7e52a8ea6d5e74171fc139b8a44c4f2b.exe"
    1⤵
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1340

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\44\Process.txt
    Filesize

    397B

    MD5

    12d7ead3760f5820a2e5bb5c8f12d906

    SHA1

    88cd1bdbef851f7584690df3c5d53b61e77feab5

    SHA256

    54d98aa537d81c8ec8189d212c0e052c3f2dd5002557871eab4ec5915869e528

    SHA512

    95cfba0bc74c3894e9fa3540d36933ae0bffea8c7303ef1c91a72a69401749759fda03fb233a24fbaacc3afb256f98c7b54277c54019b7ef8a4bf42dd3dbe4b7

    Download Submit
  • memory/1340-0-0x00000000008A0000-0x0000000000928000-memory.dmp
    Filesize

    544KB

    Download
  • memory/1340-1-0x000007FEF5F70000-0x000007FEF695C000-memory.dmp
    Filesize

    9.9MB

    Download
  • memory/1340-2-0x0000000002130000-0x0000000002204000-memory.dmp
    Filesize

    848KB

    Download
  • memory/1340-3-0x00000000003C0000-0x00000000003C6000-memory.dmp
    Filesize

    24KB

    Download
  • memory/1340-4-0x0000000000340000-0x00000000003C0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1340-50-0x000007FEF5F70000-0x000007FEF695C000-memory.dmp
    Filesize

    9.9MB

    Download