Overview

overview

7

Static

static

3

7de8f3c3d5...03.exe

windows7-x64

7

7de8f3c3d5...03.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    141s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    28-01-2024 20:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7de8f3c3d53fcf85e9e86db85a42a903.exe

  • Size

    118KB

  • MD5

    7de8f3c3d53fcf85e9e86db85a42a903

  • SHA1

    87664fbc7b91b476d5d9a66c1c07e504a1dc6b5b

  • SHA256

    d9120ad6f54d5b6022ad8cae7fcddbd84d1956cb297b880f571bcfa5289f958f

  • SHA512

    5b4461046696606bf0379e77c0ddf2b329810b26061345a0545731c5c01446c28e638744985792741a1f9d9015e63e2e7ddf714a4586105a522e647a3843de3d

  • SSDEEP

    3072:Eaep2EtMKoK5aR2QZArXx/OxvKFK9VeiIdU2fbdztnbXv:LeXMZ8asXxOkK9QTJhD

Score
7/10
persistencespywarestealerupx

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7de8f3c3d53fcf85e9e86db85a42a903.exe
    "C:\Users\Admin\AppData\Local\Temp\7de8f3c3d53fcf85e9e86db85a42a903.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2800
    • C:\Users\Admin\AppData\Local\Temp\7de8f3c3d53fcf85e9e86db85a42a903.exe
      C:\Users\Admin\AppData\Local\Temp\7de8f3c3d53fcf85e9e86db85a42a903.exe startC:\Users\Admin\AppData\Roaming\dwm.exe%C:\Users\Admin\AppData\Roaming
      2⤵
        PID:3028
      • C:\Users\Admin\AppData\Local\Temp\7de8f3c3d53fcf85e9e86db85a42a903.exe
        C:\Users\Admin\AppData\Local\Temp\7de8f3c3d53fcf85e9e86db85a42a903.exe startC:\Users\Admin\AppData\Local\Temp\csrss.exe%C:\Users\Admin\AppData\Local\Temp
        2⤵
          PID:3064

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Roaming\6287.184
        Filesize

        300B

        MD5

        76e6acd37f269e1c58fe8ac696eb8821

        SHA1

        174b5512d24d1a5581731c401961bd12c456ee44

        SHA256

        2fb22a2e59cc59a36b92cc13b59b04473b35ea8765eb18735f435f4a646421fa

        SHA512

        636b87e8ce2598c02241209605b9c04602181ab61dba87b3b03c84181bebfefc0b2171b1c2c0ecaff2f536b577f323c692d23b5e37502f81c120690c94ad4c9d

        Download Submit

      • C:\Users\Admin\AppData\Roaming\6287.184
        Filesize

        696B

        MD5

        a7b50b753d26c1482cd0517d55f44926

        SHA1

        71aa698b0a9e44a3d893ea8b04b87c3ce85d4461

        SHA256

        055d4b171befcab7711b75c221cb4e8f8f511ed0a2b1445d2940a97852efbcd3

        SHA512

        7d07347e53c198f783a644c18553db89993ad05a69dc3bcab49d19835096ad8396a41713a5c866efe16a7c795fca1e3beda6a858ec3a8e800a2f97ad9884c014

        Download Submit

      • memory/2800-1-0x0000000000400000-0x000000000042F000-memory.dmp

        Filesize

        188KB

        Download

      • memory/2800-3-0x00000000005B0000-0x00000000006B0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/2800-64-0x0000000000400000-0x000000000042F000-memory.dmp

        Filesize

        188KB

        Download

      • memory/2800-72-0x0000000000400000-0x000000000042F000-memory.dmp

        Filesize

        188KB

        Download

      • memory/2800-73-0x00000000005B0000-0x00000000006B0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/3028-5-0x0000000000400000-0x000000000042F000-memory.dmp

        Filesize

        188KB

        Download

      • memory/3028-6-0x00000000004F5000-0x000000000050F000-memory.dmp

        Filesize

        104KB

        Download

      • memory/3064-70-0x0000000000400000-0x000000000042F000-memory.dmp

        Filesize

        188KB

        Download

      • memory/3064-71-0x0000000000335000-0x000000000034F000-memory.dmp

        Filesize

        104KB

        Download