Overview

overview

10

Static

static

1

a7e7c55d76...00.exe

windows7-x64

10

a7e7c55d76...00.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-02-2024 01:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a7e7c55d763359f4b590ea4eec10b800.exe

  • Size

    430KB

  • MD5

    a7e7c55d763359f4b590ea4eec10b800

  • SHA1

    c9c9c25f0f90048face442c607428cfbfdc3798b

  • SHA256

    7ea4937a54c4f1373be662d2a8c3bb4aa34faf25dff90318921bdc5a5853524c

  • SHA512

    71fedc8d1d8961c9e253876f66f434694fe7df200d391af577602a83046bc4698bb174cb93ecc78ef9bb4b75fa19cf15d35d21f4b349c29fd22008c4089bd08a

  • SSDEEP

    6144:e/U771TbuciCpDrVoOdwruNfqpKkP2sv/3gh6CMqEfRYM43Tj6QdSkUvd:jIhCpDrVjD9qKU2NhynGj6QdSHvd

Score
10/10
pandastealershurkinfostealerspywarestealer

Malware Config

Signatures

  • Panda Stealer payload 5 IoCs
  • PandaStealer

    Panda Stealer is a fork of CollectorProject Stealer written in C++.

    stealerpandastealer
  • Shurk

    Shurk is an infostealer, written in C++ which appeared in 2021.

    infostealershurk
  • Shurk Stealer payload 5 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a7e7c55d763359f4b590ea4eec10b800.exe
    "C:\Users\Admin\AppData\Local\Temp\a7e7c55d763359f4b590ea4eec10b800.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4168
    • C:\Users\Admin\AppData\Local\Temp\a7e7c55d763359f4b590ea4eec10b800.exe
      C:\Users\Admin\AppData\Local\Temp\a7e7c55d763359f4b590ea4eec10b800.exe
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:736

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/736-6-0x0000000000400000-0x000000000047A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/736-8-0x0000000000400000-0x000000000047A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/736-9-0x0000000000400000-0x000000000047A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/736-11-0x0000000000400000-0x000000000047A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/736-35-0x0000000000400000-0x000000000047A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/4168-0-0x0000000000E80000-0x0000000000EEE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/4168-1-0x00000000753B0000-0x0000000075B60000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4168-2-0x00000000059B0000-0x00000000059C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4168-3-0x0000000005860000-0x0000000005874000-memory.dmp

    Filesize

    80KB

    Download

  • memory/4168-4-0x00000000058F0000-0x0000000005966000-memory.dmp

    Filesize

    472KB

    Download

  • memory/4168-5-0x00000000058D0000-0x00000000058EE000-memory.dmp

    Filesize

    120KB

    Download

  • memory/4168-10-0x00000000753B0000-0x0000000075B60000-memory.dmp

    Filesize

    7.7MB

    Download