Overview

overview

10

Static

static

10

7e08105dfc...9a.exe

windows7-x64

9

7e08105dfc...9a.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    05/03/2024, 22:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7e08105dfca06c3bb5dc9855fd8a151e69a640d9a267e0342595815d89a3ff9a.exe

  • Size

    2.1MB

  • MD5

    9e392efe6bb673eddd89fb93ec85bf65

  • SHA1

    604d19e39bb8f1a45c8f3b26ae300269139eeb40

  • SHA256

    7e08105dfca06c3bb5dc9855fd8a151e69a640d9a267e0342595815d89a3ff9a

  • SHA512

    8607f13723ccb7c3c1567df55558acafd5182bc0d93492c56b3ff296286c44eaea21fc6e098c9d0b3a433f4689cd8711829eb9e106e69fb772f16604608a9d19

  • SSDEEP

    49152:VtE7HkC3vDZqvnXz6mmRRehp+Ms/vkUvYjhtOzoWs1g9aLQ:ALvDKz63ohE/czjhcsWog

Score
9/10
persistencespywarestealer

Malware Config

Signatures

  • Detects executables containing possible sandbox analysis VM usernames 4 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 10 IoCs
  • Drops file in Program Files directory 15 IoCs
  • Drops file in Windows directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7e08105dfca06c3bb5dc9855fd8a151e69a640d9a267e0342595815d89a3ff9a.exe
    "C:\Users\Admin\AppData\Local\Temp\7e08105dfca06c3bb5dc9855fd8a151e69a640d9a267e0342595815d89a3ff9a.exe"
    1⤵
    • Adds Run key to start application
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2876
    • C:\Users\Admin\AppData\Local\Temp\7e08105dfca06c3bb5dc9855fd8a151e69a640d9a267e0342595815d89a3ff9a.exe
      "C:\Users\Admin\AppData\Local\Temp\7e08105dfca06c3bb5dc9855fd8a151e69a640d9a267e0342595815d89a3ff9a.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2696
      • C:\Users\Admin\AppData\Local\Temp\7e08105dfca06c3bb5dc9855fd8a151e69a640d9a267e0342595815d89a3ff9a.exe
        "C:\Users\Admin\AppData\Local\Temp\7e08105dfca06c3bb5dc9855fd8a151e69a640d9a267e0342595815d89a3ff9a.exe"
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:1028

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Windows Sidebar\Shared Gadgets\brasilian cumshot lingerie voyeur (Samantha).avi.exe
    Filesize

    117KB

    MD5

    ae113b14d982245b3ca555ea8749ef8f

    SHA1

    83de0c37ca7ba030beeb854531fa0fb019c7aa40

    SHA256

    70b97824feacdaebc497afbb723ad1ce6aa5266821669a5658262c10545947ad

    SHA512

    2e6da5d0c61bab4ce6050d974486516dafe75fcc87e0d1f4aa797283889a4d259518e4c5fc4a04692db31c67bc7cadd9fb27b2ce7a53e81da1461e7f035d5cb9

    Download Submit

  • C:\debug.txt
    Filesize

    183B

    MD5

    f8fa4eabc752b8475bef5b06cea06355

    SHA1

    3ee3e99379cb5deba57aae00b4135cdc44795701

    SHA256

    ec1fdfb30e5f822cee1aa6589c200f6b5fe13dc6bbf2fb504a7ef1c87aed6956

    SHA512

    8464ae215626cfd1e3a6abaa0be84c854c58e2c9959c3dd016378c314d27ff856adb297c4dcc2dd1169fa85e176ae0511505d145829e522c6d88667de379208a

    Download Submit

  • memory/1028-87-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2696-57-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2696-86-0x00000000045D0000-0x00000000045FB000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2876-0-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2876-53-0x0000000005400000-0x000000000542B000-memory.dmp

    Filesize

    172KB

    Download