Overview

overview

10

Static

static

3

7e52a8ea6d...2b.exe

windows7-x64

10

7e52a8ea6d...2b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    92s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-01-2024 23:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7e52a8ea6d5e74171fc139b8a44c4f2b.exe

  • Size

    519KB

  • MD5

    7e52a8ea6d5e74171fc139b8a44c4f2b

  • SHA1

    bb07e01794eab7d9691862c486519706f9520122

  • SHA256

    087463d769d4bacbde05c6c64d54123fc50148ef081f643b29cb057cd61771e8

  • SHA512

    787f48ff7a6cb9508d9d6b7bfc627dd279533c2b56aa1ccbbbe4c96e8ed5fd1f957047d819e3354c3a281dabade90a9115bc18b57fc9c476c2ee0fc78dd1377c

  • SSDEEP

    12288:XYONCsypxWpFogCZhsjMnw8opmAk8BDj/r1MywS/r3o:XRypxUoRigTobk8BDjhMy

Score
10/10
44caliberspywarestealer

Malware Config

Signatures

  • 44Caliber

    An open source infostealer written in C#.

    stealer44caliber
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7e52a8ea6d5e74171fc139b8a44c4f2b.exe
    "C:\Users\Admin\AppData\Local\Temp\7e52a8ea6d5e74171fc139b8a44c4f2b.exe"
    1⤵
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3452

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\44\Process.txt
    Filesize

    1KB

    MD5

    a393cbef7b747d4dbc567f2179aee427

    SHA1

    4992c3bbf398ab5bd126a0f1931a76553fc4f056

    SHA256

    fe8f804d0decfec3ecd4fd6e1600944102bc6ef19766e0a89a0eb1dbcb45eefc

    SHA512

    3f7bb515dc180a6dbc45d044bd0ea95250539edbc4a07b32087e96a3ddd2a36577b97cd0056d003f3404f48d8dd2a00e5a115fed30b9eaf169f9b893bf4963ad

    Download Submit
  • memory/3452-0-0x0000000000270000-0x00000000002F8000-memory.dmp
    Filesize

    544KB

    Download
  • memory/3452-1-0x000000001ADB0000-0x000000001AE84000-memory.dmp
    Filesize

    848KB

    Download
  • memory/3452-2-0x0000000002350000-0x0000000002356000-memory.dmp
    Filesize

    24KB

    Download
  • memory/3452-3-0x00007FFD9DE20000-0x00007FFD9E8E1000-memory.dmp
    Filesize

    10.8MB

    Download
  • memory/3452-4-0x000000001ADA0000-0x000000001ADB0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3452-120-0x000000001BF70000-0x000000001C119000-memory.dmp
    Filesize

    1.7MB

    Download
  • memory/3452-121-0x00007FFD9DE20000-0x00007FFD9E8E1000-memory.dmp
    Filesize

    10.8MB

    Download