Analysis

  • max time kernel
    149s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/02/2024, 15:32

General

  • Target

    7e4e7447ce04580a3af3a9bf90810712d6daebc0ced6c6856eae22771ac50956.exe

  • Size

    33KB

  • MD5

    0e8792b58f9237e03516447b7048d63c

  • SHA1

    6f28494f0766ee470bbced1fe79fb10e5fee8252

  • SHA256

    7e4e7447ce04580a3af3a9bf90810712d6daebc0ced6c6856eae22771ac50956

  • SHA512

    6b935debde1916d7b1f2239ac3534c1f1585406c0d5f1060fdb356253cfab2fe9c716fd7ad05f20b9b3bb222307f15ae1b88e9062c7282d570b523150364e8a5

  • SSDEEP

    768:PVElOIEvzMXqtwp/lttaL7HP4wIncLRdR5kP78a0RJW/a:PVaYzMXqtGNttyUn01Q78a4R

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 30 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1192
      • C:\Users\Admin\AppData\Local\Temp\7e4e7447ce04580a3af3a9bf90810712d6daebc0ced6c6856eae22771ac50956.exe
        "C:\Users\Admin\AppData\Local\Temp\7e4e7447ce04580a3af3a9bf90810712d6daebc0ced6c6856eae22771ac50956.exe"
        2⤵
        • Drops file in Drivers directory
        • Enumerates connected drives
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2324
        • C:\Windows\SysWOW64\net.exe
          net stop "Kingsoft AntiVirus Service"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2424
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
            4⤵
              PID:2408
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            3⤵
            • Suspicious use of WriteProcessMemory
            PID:1920
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              4⤵
                PID:1764

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
    Filesize 258KB
    MD5 196e80c6461b51a75560df3e57cfbd9a
    SHA1 3dd1bb9835e97f093efe4ffd8c078d8fa3d4ef7f
    SHA256 dee2cf210ee5f75549462b7cb03674155eb011190c77e332d53edcf655bcc237
    SHA512 00a3d357b589b85a644c78558fd8eff80832cec119f8d4976f7248ce2521dbe331078129ec35af26ec18d182daad55812e3d57f2f9b73615762a37ac2fc15798

  • C:\Program Files\7-Zip\7zG.exe
    Filesize 717KB
    MD5 476086cf88808e6e7f45b3778a684f22
    SHA1 581be632d283711590208b67805ecae2a3c174cd
    SHA256 6fbbb67461d9403ab21a6691b86b01c4e0229efedd7df75f38aaa6415c892de2
    SHA512 af3a43301baadf78666057e9ca3f7dead6cf8dd5eba66cb6f77282597bdf30500c04b2adaabdcc5ea7533a0ac5bf0f736d1fba3dee0c2f9a68eb2a58e4daba4b

  • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
    Filesize 478KB
    MD5 e93193856beaecee9905e2a6f36be17f
    SHA1 d4c267ea34f28f048e29461656984aad70912eda
    SHA256 1d345f4e09acdbc12e63ce90d0bd373b56d50a378f4603d8425f6df815e44a7b
    SHA512 1fbe9c0e86ad98d6a2a7924badec0fffc69a7d0a4839e8af45d0aedf1e4e24a4a798df0ec5b8d0aa6e0e566c0c83a4030549bd32b9ac27406fc772d4a2ff5fc3

  • F:\$RECYCLE.BIN\S-1-5-21-3818056530-936619650-3554021955-1000\_desktop.ini
    Filesize 9B
    MD5 2ff79c7e9d808839945eb189c3d6bc8f
    SHA1 9c3670ac7a3449376a29d051d05595809443e8a9
    SHA256 bf7fcc6751a0bf3866fe23a58c4ca1d0dc56eef7e4587624f91e1e5ff363d7e0
    SHA512 a8137fc967a70c92a0b003bf2f2133f7b612bb9d1423311439ac8f07840129a74320fb3006dcf96bf5ce2bcaa8a5b51dd5d2d0f92b9cd11bda9e9682137780d4

  • memory/1192-5-0x00000000025E0000-0x00000000025E1000-memory.dmp
    Filesize 4KB

  • memory/2324-0-0x0000000000400000-0x000000000043E000-memory.dmp
    Filesize 248KB

  • memory/2324-9-0x0000000000400000-0x000000000043E000-memory.dmp
    Filesize 248KB

  • memory/2324-3256-0x0000000000400000-0x000000000043E000-memory.dmp
    Filesize 248KB

  • memory/2324-4080-0x0000000000400000-0x000000000043E000-memory.dmp
    Filesize 248KB