Overview

overview

8

Static

static

3

3555e9d68e...0e.exe

windows7-x64

8

3555e9d68e...0e.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    147s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    21/02/2024, 07:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3555e9d68e33308c3a1b3ac80a119d2e8a76b2c21ea47cd42014e7586cdd6a0e.exe

  • Size

    1.8MB

  • MD5

    e67eb0f1931598048a86b631ca38dc08

  • SHA1

    c9cd4fda324ea1484b7b7c1a02ac70ea195aaa86

  • SHA256

    3555e9d68e33308c3a1b3ac80a119d2e8a76b2c21ea47cd42014e7586cdd6a0e

  • SHA512

    53a19010fb91490781a00d4f197c50f50d4b30e81453a85697ef69e1ffd0a089638cd200615882d1037aac74e1266065b431882fd4a94fe55ca9875ec7ca1daf

  • SSDEEP

    24576:j3vLR2VhZBJ905EmMyPnQxhe4nLwvHYgUBoHDC/hR:j3dUZTH7LAl

Score
8/10
discoveryspywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3555e9d68e33308c3a1b3ac80a119d2e8a76b2c21ea47cd42014e7586cdd6a0e.exe
    "C:\Users\Admin\AppData\Local\Temp\3555e9d68e33308c3a1b3ac80a119d2e8a76b2c21ea47cd42014e7586cdd6a0e.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2896
    • C:\Users\Admin\AppData\Local\Temp\3555e9d68e33308c3a1b3ac80a119d2e8a76b2c21ea47cd42014e7586cdd6a0e.exe
      "C:\Users\Admin\AppData\Local\Temp\3555e9d68e33308c3a1b3ac80a119d2e8a76b2c21ea47cd42014e7586cdd6a0e.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2540
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2352
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2352 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2332

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    de570dafd4cbe86abd305d7cc9e6bdd9

    SHA1

    e00796db2ddce53ab4bdcd590ebf8619f5f16253

    SHA256

    f9012961bf1c4988165057c831eb95fb171a89ae53ba336e5c10585fc2b26a40

    SHA512

    a158cd188b6304de5ca29ce08df406cbed4f2948bd0ab17eea4d9a2bf1347f440f475d05d5e8ae9ced0a432f8a83e273a65d9527a45c7333f156005b8dc065b2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c0fb367ca80260a66f00986ca34b5ff2

    SHA1

    500252d9c5fb9665de8de08cebf7e130e3b430c4

    SHA256

    a91e4f14d2065217c693861e0baf842b3815e01841aa7828a2e076193821fa6c

    SHA512

    7a6e29ea5cd78275d1735fc836a71c77226d36551a9837392700524ea533649ad2caf0d9b2e962206ef29226e5b9a0ce4ee20e17e5f5fb887704e255f9f87a40

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8f4f69cbaace14fc568b9a352cce5912

    SHA1

    985f4e8041ea7bbe44a0f0768cc483f6f47d7c0a

    SHA256

    ad134a6dca288aa486e818cea9d29b4b06e69173edea1e5a423ca296ad60c539

    SHA512

    8e7842de41984f8a8615a0fd7e1516e27a1bfac4e4373139102cd6d1b91c5d532e03ce648c35ca1c56c0d9983aefe4ad0e94655d2297780b1c82ee4fdd77f5ce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    26fcaaf12cff6ae00d4001aca393025b

    SHA1

    d2a7bc033d5d2bd7e2c594a8081354abc9ddfb22

    SHA256

    da6ff6b9779cfd2baf0268ad7fe2c19110bd367b2b9b077d674b9d4a3e308480

    SHA512

    fde914f1142e8a5e6783b0d07bd5afb7bf01081bf2f16b738c0c71a19a731c46c973ba5d24cc442643d9ce9b3b933b938d0e5943a46d5115567bcb70a2d52759

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7742cbd4f17671150ef00e9fa40d3c6e

    SHA1

    1df0ea715b1a1207af15a531c9ee5303b32da585

    SHA256

    b151f5eb0d239b72fed8742e7a0a737524760153bfa5524a66678bf72537a9d6

    SHA512

    aeb404cc7e3f5782a90963419330541e045e369eafd33d20ca739ab332af677e2cc0f8e22fe4d9804a6790954bdc17e928dfe3bd3c287804161a8874e6def713

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    70f02832fd5a54d34fbad518ee119f69

    SHA1

    5895a3807767ca19be6e869d466ec83b72e95788

    SHA256

    1883660d673691a6ddb51913d826c05bf9226b53d6dcfe0c98d5efccc7e2135d

    SHA512

    a5ae9b858c3f6fee5caba95a2b79cfc2838283835457e65e6f7fb77268bcb097739540ece126fe9aa507807d9285225533651c48b1a3081d80e45608a11bf61a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    89b03e0fbc39cdad72fd5675ea4582e5

    SHA1

    eb9b70b73e22796678c3f674d7d33e8ce972ea79

    SHA256

    06bc9a4d03d65fd81f4563a35a320e3cdf2dd36e9b4748a5cc4531610459956e

    SHA512

    e14f99a6c8bd7ebfcbc4c9cd4d78bb9a053bc4a30ca49da613f1163454ea900a6af30901753cee01211d763c447ae503291ad808268c687491bc27c580bd2474

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2cb97fdb1814a767f8190d9f4b8e99ab

    SHA1

    34f375f48f3474d0935bca1fb6128336f914a5a9

    SHA256

    d3d03130f41f6cabfc9d21fec5ef06999877344d2295ca386c46085d845b5d72

    SHA512

    1af382947856218e3fad7705b485509526704934f5e9727e2e8f25b5b0666b5f802fb41515f70c28e8752df8fb73f0221ba746f4e99ea12ebe04fe9d7b07d708

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a18db4753aee640b323c6db5e42f601a

    SHA1

    d5c75bea36a20e0a09200a78bd6d0e10336e90e4

    SHA256

    0adf06757a04b120adde8cc6d6a28a228dd01bffa6cd6bcb82baf7c2fe7c27dd

    SHA512

    7122eec081e13d233108e09819635d6fddf1f37cef1606faac4e31bb0e258deb65fda0a0a648ae23ec72599791a0008afe4e6a0ff10d3efc18da9066b6d7ed67

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9d97c773778c343ae8071094e9485f73

    SHA1

    e1cc43cb7999eb451aef27388b092efcdd146ecc

    SHA256

    4a8e338d436e5f79a9e7a397fbce11bb0384d37f3cc0493519fc538d1955ed62

    SHA512

    baa0a3af6040587bd6e80eeb734a98208818e93b839df1d6fd8aa88ae57228028bf903aea3c3b80825d51f35203ebc63cb7acf01dfd24dbace63266143c9fe4d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b6d981eafeb8a8040718363d8178db38

    SHA1

    0605acb991bc52e64df795ece959e647b0c2bd71

    SHA256

    1d7f4ec24a38d6bfcf7cbb64f9ddfc745403b997efd4c7ef27d3e3e28ff22f29

    SHA512

    a9f268a8ac8da8a474116c2da6bfef3d43590b53d91b728937454f93813133db2f522e5599e956826f83d1232ed4a42f9b3953faa55b92c8d3ed3813d2853761

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    84ba6834304bd02ce4d0ea77bc6b44f1

    SHA1

    9bfddaec1f79cc1d8578e9ab4b3fb94b02b77b4d

    SHA256

    722da7ecb0ca5336f992cd1ed93b80c569af47692b40c848c56d6d071a9aeb50

    SHA512

    b1ac4bb2cdbb1259ed90b2d1a422d386189bb7e5fc714e458abb6cf8991496fa3e90a67666f3e48cab2acaeb539949fae5e4fab74462903c2404c10a9f2780f0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7a29ab3999fe1e59dd20c5adf64a99f3

    SHA1

    7676836716788c7d84b0fa89a7c957cc1a007d64

    SHA256

    e4ed51779269102bb4c7c5f9db45249901860725d8a79150602442b57dd29a1c

    SHA512

    34db5b2ce5e6990171adc7531e540644044b4e4c5dd3522886e4503ad11a473da86806fe0295fb831b07f719abdacf61787c7469ce2773efa1599459b5c27e8d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7eb6f32da111c1906581aabcaf020de5

    SHA1

    1ca07b45404ca8f31acd1777d1c074b3751d5ad8

    SHA256

    c005507dcafe8591c467d8a678b0209d923055aec462155afbee0438917f15b9

    SHA512

    05a6df1249ee0a192b2b31213cbaf3b11b01737e3053b919b94bf9eb378f6173b3d0e1cecfab801db2ee381529edcf6628f366e0526e36664325b685218d2b72

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    37154335ff3bbd6b9e29d43b7d984eb7

    SHA1

    3832666af5241078fc4992869f21db1bc6afe574

    SHA256

    819bd2d7012489b2804145abb06bea198c45250a69fffa2f6c0808c9724f32ef

    SHA512

    b9e5352dd2163e9b490936eb3bc894117850c4f54c45171d95caa89a3848dd4ecc1f4f1e548dec1f46182075f247d6e9ada6092211cb686104be3d00e59c53a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    463844d92f09db07511a6ab5dd91bc20

    SHA1

    593ba357f51f19aa177eb1153df393bdafc7dc72

    SHA256

    399473e6e01810b146de95dc6062e4314882a7d91b1125b12cb1f9754a424afe

    SHA512

    cc9c4f0c7e0ba640c15a3c03350318b4d2f0f0ab29dfdf831b2e0188a043189af1e5d1cadccfc9b1dd07115004d05a97264458f8166c87e9669f7e5e2adf8524

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5397c4496b4eab396746ab38dec8a5b0

    SHA1

    9108123ee8412ccdd5d5e869ac802f69167abb4c

    SHA256

    1e3a4e97932dff05284dcbec2a5dd55736a15b69716210eb41c4516be39543d0

    SHA512

    190d93dff6d7d8d15ff3b75cf75e173c776f965106e4c11ced06ff4320447f1a11b631f572cbb0499c52133e34727a19b2c2b957ac11bfc100374e9f7a094e2d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cb3a6f8b4c8cc8b143ce2d16fe7f4905

    SHA1

    487d4ee8319f9e21e5e986ebf953e653f2fad468

    SHA256

    30d9d793f0488593481d571f8f7b9a93ccbb9c0b528cf1ee74222ede57f02c21

    SHA512

    4f6f5c4a4ffc7e81800b08fc422054ef08827ea7a14d9cfe1c005f248bfddd794ea8fd9f97c5fa2fe0ace7fa9c5a3acfb0b7bab366b29c19d68f0572b2bed35a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b158a3396d3a18b1a554e0822a563dfc

    SHA1

    554274821805bf3ddf5f15afe0229e3527459719

    SHA256

    4709b9acf78305a07f6fa415a80d221251a92729284cf4ad0b7209c329f19249

    SHA512

    6e3e337905c9f2f100fb0d8b9a277ea3880e5967712ba18016165dd8f659d33ba7e5ca1d3188391e3270d5cc66f3c131f330d0d2fee7f3ba4b177dc5548af1ab

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB1B.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB9B.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/2540-6-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2540-2-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2540-5-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2896-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2896-1-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download