Overview

overview

10

Static

static

1

a7e7c55d76...00.exe

windows7-x64

10

a7e7c55d76...00.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    27-02-2024 01:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a7e7c55d763359f4b590ea4eec10b800.exe

  • Size

    430KB

  • MD5

    a7e7c55d763359f4b590ea4eec10b800

  • SHA1

    c9c9c25f0f90048face442c607428cfbfdc3798b

  • SHA256

    7ea4937a54c4f1373be662d2a8c3bb4aa34faf25dff90318921bdc5a5853524c

  • SHA512

    71fedc8d1d8961c9e253876f66f434694fe7df200d391af577602a83046bc4698bb174cb93ecc78ef9bb4b75fa19cf15d35d21f4b349c29fd22008c4089bd08a

  • SSDEEP

    6144:e/U771TbuciCpDrVoOdwruNfqpKkP2sv/3gh6CMqEfRYM43Tj6QdSkUvd:jIhCpDrVjD9qKU2NhynGj6QdSHvd

Score
10/10
pandastealershurkinfostealerspywarestealer

Malware Config

Signatures

  • Panda Stealer payload 4 IoCs
  • PandaStealer

    Panda Stealer is a fork of CollectorProject Stealer written in C++.

    stealerpandastealer
  • Shurk

    Shurk is an infostealer, written in C++ which appeared in 2021.

    infostealershurk
  • Shurk Stealer payload 4 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a7e7c55d763359f4b590ea4eec10b800.exe
    "C:\Users\Admin\AppData\Local\Temp\a7e7c55d763359f4b590ea4eec10b800.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2340
    • C:\Users\Admin\AppData\Local\Temp\a7e7c55d763359f4b590ea4eec10b800.exe
      C:\Users\Admin\AppData\Local\Temp\a7e7c55d763359f4b590ea4eec10b800.exe
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2076

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2076-4-0x0000000000400000-0x000000000047A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/2076-7-0x0000000000400000-0x000000000047A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/2076-8-0x0000000000400000-0x000000000047A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/2076-15-0x0000000000400000-0x000000000047A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/2340-0-0x00000000012F0000-0x000000000135E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2340-1-0x0000000074500000-0x0000000074BEE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2340-2-0x0000000000DD0000-0x0000000000E10000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2340-3-0x00000000005F0000-0x0000000000604000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2340-6-0x0000000074500000-0x0000000074BEE000-memory.dmp

    Filesize

    6.9MB

    Download