Overview

overview

7

Static

static

3

ab3ad66b97...0b.exe

windows7-x64

7

ab3ad66b97...0b.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    140s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    28/02/2024, 06:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ab3ad66b974827a4c413e7e0052ed00b.exe

  • Size

    173KB

  • MD5

    ab3ad66b974827a4c413e7e0052ed00b

  • SHA1

    3b78a56b113b7b24fcbf8c0268c678610919f34b

  • SHA256

    bc48242bb64b374836a40e210f5910cb5eea98c819c5b2b7252457978752cb30

  • SHA512

    a46475ff42c372870de0686fbcb2a31ad1cdb218749175611c3db39364f55c012f0ec4c4a1b8a2307984af82996b89e50cf7b1305e4bc60b0c3552ad6dcea2be

  • SSDEEP

    3072:nNl915Gffjkjyz2pCK+bqirahR+2AoL/0RgB7sSk4cgZmtiB0:NlD5KjkjyipfW5rahQ2AO/0RgBoSxcgU

Score
7/10
persistencespywarestealerupx

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ab3ad66b974827a4c413e7e0052ed00b.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3ad66b974827a4c413e7e0052ed00b.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2936
    • C:\Users\Admin\AppData\Local\Temp\ab3ad66b974827a4c413e7e0052ed00b.exe
      C:\Users\Admin\AppData\Local\Temp\ab3ad66b974827a4c413e7e0052ed00b.exe startC:\Users\Admin\AppData\Roaming\dwm.exe%C:\Users\Admin\AppData\Roaming
      2⤵
        PID:3028
      • C:\Users\Admin\AppData\Local\Temp\ab3ad66b974827a4c413e7e0052ed00b.exe
        C:\Users\Admin\AppData\Local\Temp\ab3ad66b974827a4c413e7e0052ed00b.exe startC:\Users\Admin\AppData\Local\Temp\csrss.exe%C:\Users\Admin\AppData\Local\Temp
        2⤵
          PID:688

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Roaming\D370.505
        Filesize

        300B

        MD5

        854f745930fde3577dd6387089c6e37b

        SHA1

        71aa9d0a397dd0fe83e31366e1b59e9b786bff6e

        SHA256

        bf97b5934b1de52c81ea8ed07c73d62e38672a165c1841c81f4826a8c0f7a3ec

        SHA512

        52077811438f3acc7762ffbd1cd8b1f2e427c32733355ca4e844596e2ec586c6586a7c88b289b8166bb858ade4787be5ed9a09fe8b1e3beb90a08982e9bb2db4

        Download Submit

      • C:\Users\Admin\AppData\Roaming\D370.505
        Filesize

        1KB

        MD5

        83edf87f64b3a24907749f999428e1d0

        SHA1

        7669c473d7fd82e6acb157eba167a072286cf27b

        SHA256

        42b9897549695f612f0e3fe3faeddee02fced2d788056e8d266bcff2b2430c89

        SHA512

        27952e40e5e90e415b56bd7c1d6bf5ac8f6ea2398b760956ed4503834983bb9e16fd616ceea216582d54f8407ad84d768fc4778a68e6deabcbb46bfc6f0c9da4

        Download Submit

      • C:\Users\Admin\AppData\Roaming\D370.505
        Filesize

        600B

        MD5

        978b911d12eca503b5450239e6efeafd

        SHA1

        ceef1a7bae990186ea9141c928e0adc619ed2688

        SHA256

        3f094c41f41f27d4d3bdb927e5e3055011973abed965e72d0e717e17a54051dd

        SHA512

        42dbb9b89717c06e39f1949418567e8124f2067bf1cae5382d3ebbecce0624a6487df47924a2d754df12e68b5fe949ea01fae6557082d8a14ab3d85cf2ff8030

        Download Submit

      • memory/688-81-0x0000000000270000-0x0000000000370000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/688-80-0x0000000000400000-0x0000000000444000-memory.dmp

        Filesize

        272KB

        Download

      • memory/688-149-0x0000000000270000-0x0000000000370000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/2936-14-0x0000000000400000-0x0000000000444000-memory.dmp

        Filesize

        272KB

        Download

      • memory/2936-1-0x0000000000400000-0x0000000000444000-memory.dmp

        Filesize

        272KB

        Download

      • memory/2936-82-0x0000000000400000-0x0000000000444000-memory.dmp

        Filesize

        272KB

        Download

      • memory/2936-83-0x0000000000580000-0x0000000000680000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/2936-2-0x0000000000580000-0x0000000000680000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/2936-192-0x0000000000400000-0x0000000000444000-memory.dmp

        Filesize

        272KB

        Download

      • memory/2936-197-0x0000000000400000-0x0000000000444000-memory.dmp

        Filesize

        272KB

        Download

      • memory/2936-198-0x0000000000400000-0x0000000000444000-memory.dmp

        Filesize

        272KB

        Download

      • memory/3028-8-0x0000000000400000-0x0000000000444000-memory.dmp

        Filesize

        272KB

        Download

      • memory/3028-9-0x0000000000509000-0x0000000000524000-memory.dmp

        Filesize

        108KB

        Download