Overview

overview

7

Static

static

3

7e996dfdbd...21.exe

windows7-x64

7

7e996dfdbd...21.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29-01-2024 02:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7e996dfdbde319e041057378369f7621.exe

  • Size

    52KB

  • MD5

    7e996dfdbde319e041057378369f7621

  • SHA1

    aa02aa3f1d32c261ee235da51e089d6ae287262f

  • SHA256

    8bf5465a8c355992bb5b3ea2421445ba500eff81ebfedafdf1f8655cd6e2c287

  • SHA512

    072d6fbfd41f8f144d7bf3eb013df9d17db8915a999e16d98266899e67974516fa3f8b4dc09af0b82bcc806a8caa79c11bee2a460fc1961a7e50b262bcae93c9

  • SSDEEP

    1536:9A0QUTa7ZTejlkJEqAELVigvGsisKldF:9Lf29eRkJjAI0tZ5

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1252
      • C:\Users\Admin\AppData\Local\Temp\7e996dfdbde319e041057378369f7621.exe
        "C:\Users\Admin\AppData\Local\Temp\7e996dfdbde319e041057378369f7621.exe"
        2⤵
        • Adds Run key to start application
        • Enumerates connected drives
        • Drops file in System32 directory
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2200
        • C:\Users\Admin\AppData\Local\Temp\7e996dfdbde319e041057378369f7621.exe
          "C:\Users\Admin\AppData\Local\Temp\7e996dfdbde319e041057378369f7621.exe"
          3⤵
            PID:2140

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\readme.eml
        Filesize

        14KB

        MD5

        2929457265483679e0acfa3c0bcf84fc

        SHA1

        ac1b057d096c0cdac1559c99de8d0fa2856d0414

        SHA256

        282582b62296899cc75faa456e02cdba20ec512532dc10b809ec0fb1c4d5011f

        SHA512

        1f574dd5ae0c713bd3d4826c8a3c6ae708a3c9f9d6c6a8731554876c83a88d29200b902af3bff15f8e357194ecc9faa461c0ab822820a115248feacc2aa94c3c

        Download Submit

      • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
        Filesize

        12KB

        MD5

        8156706568e77846b7bfbcc091c6ffeb

        SHA1

        792aa0db64f517520ee8f745bee71152532fe4d2

        SHA256

        5e19cfbd6690649d3349e585472385186d99f56a94dc32d9073b83011cea85f8

        SHA512

        8760f26069296f0fe09532f1244d93a57db4cafa8d06aaa9dc981bcaed4bde05366ef21e6f0c1aadad4478382b59a4e43d26c04185cf2ed965901321d05604b8

        Download Submit

      • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
        Filesize

        8KB

        MD5

        7757fe48a0974cb625e89012c92cc995

        SHA1

        e4684021f14053c3f9526070dc687ff125251162

        SHA256

        c0a8aa811a50c9b592c8f7987c016e178c732d7ebfd11aa985a8f0480539fa03

        SHA512

        b3d4838b59f525078542e7ebbf77300d6f94e13b0bff1c9a2c5b44a66b89310a2593815703f9571565c18b0cdeb84e9e48432208aaa25dff9d2223722902d526

        Download Submit

      • C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
        Filesize

        451KB

        MD5

        4ac56ce6f1672a511302c1b7fe1c5356

        SHA1

        7475d67a704fcbb77de201ab9f6bd1c2f4e87ad1

        SHA256

        579d5aa7b7bb50ccaa0498f9654b09428fca2751c12becb8e3b180ba7549a94d

        SHA512

        010ce875033f44fcc646a93952d33a6e8e1dc6d11a412b70126291632205896bbd7f7536b53e8fbb447e011867c9ec201dd3a9aa4efcff96136964f2a8dcf354

        Download Submit

      • C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
        Filesize

        640KB

        MD5

        981317a5288f5aa45a00b3c369b959e9

        SHA1

        3e6126d33fc6452de14e0d68f356a0a49fe3e998

        SHA256

        5bc4570568c6bf0e7cd6a9471bb10890ef69b2a8491b9b2006321d4f628de413

        SHA512

        1a30fcc6e48f9abd4b0e21c60a3e714fa17d2b763926a09aab3323f551766a2fa9195742b73ea207d18984d7ae9545ea03f7f49f1a15eb734a0654bcbcbd40b1

        Download Submit

      • C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        Filesize

        640KB

        MD5

        2b5a6c34e0712ce8b3b1cf717e8b1221

        SHA1

        5f9a1e9dbe1a030a6bf54f1cec559660afba8973

        SHA256

        f1c3ceafdd02a64d1ce74dff57b532bcb8d9d14e0a1251d71e7a94545c1b2e3d

        SHA512

        4cb50ea700bad0b6fe75fec1f6af24349d14946d82936139db42d8ada7f9613f53afd16260a1430cb26a2a653e062221d17458d92c243b26cc28aaacdd94925a

        Download Submit

      • C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe
        Filesize

        461KB

        MD5

        55fee1dff97ec59796b13da3812addb4

        SHA1

        160861919b35ac8cede34f7291e0db905e000688

        SHA256

        bc6fe00a4b643ef2d711a1545fdbac757e4b4d92c19e80ef059c0e7ca9a545f9

        SHA512

        f366b19126c2c2b434446eba4f188cc2b25c3589947f16af15f97b2496d8e40fbd2d14d79a9e8837c4f0d5cca31eb785972318406c3363c18ae223521cbb51f9

        Download Submit

      • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
        Filesize

        451KB

        MD5

        51b5d564214617b943f49b70a4488e5b

        SHA1

        fcda74e57294cb42737ef84d840d70a2b799fd9b

        SHA256

        fbb62aef997e3dbe2156f1e72d980be3606cff3b5525562fe222417adbe4f0ba

        SHA512

        fbc7b60e1dab4a22d79f665323b0bf43bdf3014cf5d9c7a36fab3ea519b31a20336ef5dd25e07722bba5cec85627de6c7e80a81b0c2801993f851a7f034ce1fa

        Download Submit

      • C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe
        Filesize

        461KB

        MD5

        18f48cb12f0c5421cb3561e689953b3a

        SHA1

        4f9487b5c8618fc25b50234150b6a495996eecde

        SHA256

        831208c9918a48fae41d9500ac729b0dad8f4986f8943bc3c27250eaa7ab9bb0

        SHA512

        c2149f30fa20f9f05409ab2abd61114ad85bc2cf86647112b55971a7831268395158df2c8f130574e28eaf2dbbafca646758a279865b1103c5a94aa42f5f40e8

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\ose00000.exe
        Filesize

        152KB

        MD5

        91ae4fdf84abdae763b6387b7c513dc7

        SHA1

        10b90f49d3dbfe842d00abe68c6d326321e84ec7

        SHA256

        ff367704109fe09437a3f44f67d0d8236e727bc2be65ce9d4c13b8b751f3229b

        SHA512

        c3961dac08b02f58fca75f664804fdcb92d54b7759c7167b0b74fd437a9caa72f46b4ed4a1882c3f97db256f3d35b1a47e5ea934b665c98b6b5d68c43868086e

        Download Submit

      • C:\Windows\SysWOW64\runouce.exe
        Filesize

        10KB

        MD5

        28a67d9e87a9f236166d9b6d8719e92b

        SHA1

        512efea276e4692ea4b636f57326744b9c661804

        SHA256

        9c803e983931dd4042c84be7e85985930a65764263d248ef5b213df94a2398fb

        SHA512

        0d3bafede26f0f1a4bb2bd5acd07386bf002f1fd45fc1aa2bca1227bafdb1ead11cef8ec8c697972aabd316a981032ecea12f0e4494c63be6c19a0fa06c67212

        Download Submit

      • C:\vcredist2010_x86.log.html
        Filesize

        82KB

        MD5

        ba6ad075d058b71d7dad315287b2969d

        SHA1

        3ddf53f848e3392148bc08845b7eaa388aa4d62f

        SHA256

        64a2faaf05b1c4fb6205308ba92ccb3611be528415aeb92b0a36b04fe1f4ce0c

        SHA512

        fccab38195e0c2385e71305f14e885805a7b9ec4214932a7c616f551c2bf5e6268bf9b9b4f1c9c3e71d75773427ddc118c35e2d91c11de6ec6f2b64acf624b2f

        Download Submit

      • memory/1252-5-0x0000000002A60000-0x0000000002A61000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1252-6-0x0000000002A60000-0x0000000002A61000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2140-380-0x0000000000240000-0x000000000024D000-memory.dmp

        Filesize

        52KB

        Download

      • memory/2140-379-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2140-3-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2200-616-0x0000000000280000-0x00000000002B5000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2200-607-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2200-0-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2200-2-0x0000000000280000-0x00000000002B5000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2200-1-0x0000000000280000-0x00000000002B5000-memory.dmp

        Filesize

        212KB

        Download