Overview

overview

7

Static

static

3

9a66602586...e7.exe

windows7-x64

7

9a66602586...e7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    92s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-02-2024 01:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9a666025866105b65cc196b4e0bf3ee7.exe

  • Size

    200KB

  • MD5

    9a666025866105b65cc196b4e0bf3ee7

  • SHA1

    a64cfaefd7e8b8ae312a80bf7c403ebd00be7334

  • SHA256

    7aba204304f9cefbdd41c0bb1c207011b4889a7b4a3890ee673be2760f5b87e8

  • SHA512

    efc2716bfd4916e300f7530d9e09eed80bf8278dc2e9ddf801f430fbd514c5b03f0f203d8513c690b859d599b0d25138316a95c581dac6888fc7e53b727f621d

  • SSDEEP

    6144:1OY5Bj3VHC+mhRicqp2qyjlWYaLWt0buNRxga:1b553V5ZziMWtzL

Score
7/10
spywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious use of WriteProcessMemory 9 IoCs
  • Views/modifies file attributes 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\9a666025866105b65cc196b4e0bf3ee7.exe
    "C:\Users\Admin\AppData\Local\Temp\9a666025866105b65cc196b4e0bf3ee7.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1232
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Sun\Java\516CTM~1.BAT
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1004
      • C:\Windows\SysWOW64\attrib.exe
        attrib -R -S -H "C:\Users\Admin\AppData\Local\Temp\9a666025866105b65cc196b4e0bf3ee7.exe"
        3⤵
        • Views/modifies file attributes
        PID:3168
      • C:\Windows\SysWOW64\attrib.exe
        attrib -R -S -H "C:\Users\Admin\AppData\Roaming\Sun\Java\516C.tmp.bat"
        3⤵
        • Views/modifies file attributes
        PID:4308

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

1
T1564

Hidden Files and Directories

1
T1564.001

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Sun\Java\516C.tmp.bat
    Filesize

    422B

    MD5

    cc186d26de6fda4cdbe9e66644d80f2b

    SHA1

    961af7b27960970b5c341addc1716b3ba5abf04d

    SHA256

    69afd5aab439346d00b66a560f5531a5a0a1dc611cde9afcbb59320a33c0ad89

    SHA512

    4884b4933c3de57b8afb7a01984cd73a73a8c76217524d20e104721f64797200fb1759ddaf35e8663f165229dcee6346a4db5cfa822e515968659c4b581a28c6

    Download Submit
  • memory/1232-1-0x00000000021A0000-0x00000000021A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1232-2-0x0000000000400000-0x0000000000432000-memory.dmp
    Filesize

    200KB

    Download