Analysis

  • max time kernel
    133s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-02-2024 01:09

General

  • Target

    e2342e90d6baeda675e92025124c05266e4b99f251d967ff6a49ac65fa385060.exe

  • Size

    5.3MB

  • MD5

    0b01ec2c4b4faac5d7591c9b17d75d2d

  • SHA1

    a28a8431348d751709887d1293c80237782ab6b6

  • SHA256

    e2342e90d6baeda675e92025124c05266e4b99f251d967ff6a49ac65fa385060

  • SHA512

    b1e8ce594be3b14968899c3be2c8bf8e583645beb3e3ec383821fcac0b8c8bbd4ff72c32bd11fed4194fd2e0b00cc53652d16fbfec516655ec8a0472ea93b17e

  • SSDEEP

    98304:PKMBJC+aOomVZs3/H+ub898uncF7IsMZJ7ANoQbz5MYverP6JU+B59yO4SO:Ph++zg3/Hbb8GunsmJgMijJUnO

Malware Config

Signatures

  • Detect Poverty Stealer Payload 8 IoCs
  • Poverty Stealer

    Poverty Stealer is a crypto and infostealer written in C++.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e2342e90d6baeda675e92025124c05266e4b99f251d967ff6a49ac65fa385060.exe
    "C:\Users\Admin\AppData\Local\Temp\e2342e90d6baeda675e92025124c05266e4b99f251d967ff6a49ac65fa385060.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2860
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 740
      2⤵
      • Program crash
      PID:2684
    • C:\Users\Admin\AppData\Local\Temp\e2342e90d6baeda675e92025124c05266e4b99f251d967ff6a49ac65fa385060.exe
      "C:\Users\Admin\AppData\Local\Temp\e2342e90d6baeda675e92025124c05266e4b99f251d967ff6a49ac65fa385060.exe"
      2⤵
      PID:2968

Network

MITRE ATT&CK Enterprise v15


Downloads

  • memory/2860-1-0x0000000073FF0000-0x00000000746DE000-memory.dmp (Filesize 6.9MB)
  • memory/2860-0-0x0000000000BB0000-0x000000000110A000-memory.dmp (Filesize 5.4MB)
  • memory/2860-2-0x0000000000890000-0x00000000008D0000-memory.dmp (Filesize 256KB)
  • memory/2860-25-0x0000000000890000-0x00000000008D0000-memory.dmp (Filesize 256KB)
  • memory/2860-24-0x0000000073FF0000-0x00000000746DE000-memory.dmp (Filesize 6.9MB)
  • memory/2968-8-0x000000007EFDE000-0x000000007EFDF000-memory.dmp (Filesize 4KB)
  • memory/2968-10-0x0000000000400000-0x0000000000411000-memory.dmp (Filesize 68KB)
  • memory/2968-19-0x0000000000200000-0x0000000000201000-memory.dmp (Filesize 4KB)
  • memory/2968-17-0x0000000000400000-0x0000000000411000-memory.dmp (Filesize 68KB)
  • memory/2968-23-0x0000000000400000-0x0000000000411000-memory.dmp (Filesize 68KB)
  • memory/2968-7-0x0000000000400000-0x0000000000411000-memory.dmp (Filesize 68KB)
  • memory/2968-6-0x0000000000400000-0x0000000000411000-memory.dmp (Filesize 68KB)
  • memory/2968-5-0x0000000000400000-0x0000000000411000-memory.dmp (Filesize 68KB)
  • memory/2968-4-0x0000000000400000-0x0000000000411000-memory.dmp (Filesize 68KB)
  • memory/2968-3-0x0000000000400000-0x0000000000411000-memory.dmp (Filesize 68KB)
  • memory/2968-13-0x0000000000400000-0x0000000000411000-memory.dmp (Filesize 68KB)
  • memory/2968-14-0x0000000000400000-0x0000000000411000-memory.dmp (Filesize 68KB)
  • memory/2968-26-0x0000000000400000-0x0000000000411000-memory.dmp (Filesize 68KB)