Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240215-en locale:en-us os:windows7-x64 system
  • submitted
    29/02/2024, 09:44

General

  • Target

    ae3440d0c0480073a5ff87c0e484f8a7.exe

  • Size

    645KB

  • MD5

    ae3440d0c0480073a5ff87c0e484f8a7

  • SHA1

    f26040a6fc48f3d3fdb7f236cf62e07b372a3f1f

  • SHA256

    13aafc5c001a6c85ed85a2028d8df74ed29fb3b4b5765a369954afa071e8eaca

  • SHA512

    bb8126109c5d7b45efb9ae300b923fcff9e15b40c90648522caa66e6bc26c3ed55a68c8023112968812b6f7c1017777c6b23a68cfa40c0656aefdd3bc9ca5cfb

  • SSDEEP

    12288:QmipyUMQ6HO7/uKItdZF0CjuYoRK8kmY6IhWwhfDpdGFloteUkS4p8EO:8u5dZFJuHRK8krcSpPt

Score
7/10

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 1 IoCs

    Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ae3440d0c0480073a5ff87c0e484f8a7.exe
    "C:\Users\Admin\AppData\Local\Temp\ae3440d0c0480073a5ff87c0e484f8a7.exe"
    1⤵
    • Checks for VirtualBox DLLs, possible anti-VM trick
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2192

Network

        MITRE ATT&CK Enterprise v15
