Overview

overview

7

Static

static

7

b8f344433c...19.exe

windows7-x64

7

b8f344433c...19.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/03/2024, 14:26

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b8f344433c52c889eb6c015ab43edf19.exe

  • Size

    71KB

  • MD5

    b8f344433c52c889eb6c015ab43edf19

  • SHA1

    4354c5982917e3cd540e33019594c3e1bf646057

  • SHA256

    39813573816a5a6c8cdf4abad8d18d7d852b905f0271b3d7fbc67c04a20e2359

  • SHA512

    54522d06b3b2a2c4be113a825a76de12e131d5a98f8b1f670d287809f64ac6a9ee5496c7484ac87912f0b67ff0953aef6fa696ab683a6cc73d77327052003544

  • SSDEEP

    1536:s9Z3KcR4mjD9r8226+v9Z3KcR4mjD9r8226+3:sr3KcWmjRrzSvr3KcWmjRrzS3

Score
7/10
persistencespywarestealerupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b8f344433c52c889eb6c015ab43edf19.exe
    "C:\Users\Admin\AppData\Local\Temp\b8f344433c52c889eb6c015ab43edf19.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1796
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:3340

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
          Filesize

          392KB

          MD5

          c9215f6221fe37859808a801b639d9ee

          SHA1

          93e8a1026e1cf229b73844f28807aeaceefceb8f

          SHA256

          465a15a02a3cbb5f5c0d060f6d1e8214a6ec6e233bdbb39979033aaa512a14de

          SHA512

          44f74b244a53a128c775b131a09a51ebf8597b992bba54e1f631570a229d2d09cc5bc33cc47885304cee7658b520cab57bdec484184d5dc4dd1e42ebdf0041b5

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Nb7wRwRLOUR3rRV.exe
          Filesize

          71KB

          MD5

          6bb117a5fa1be65323b77c92fcfc80cf

          SHA1

          ffcc1d452279cf6e334e0f0db1725128900180af

          SHA256

          e2d623bee4892bab023fdc16653425799ab73805ee5543905f555947b011a2a7

          SHA512

          aff1466d01b909064e9c8b459f0903005448e138dd2c056dffea6f66b755a865a464cbf69ec4903613c0d504db9df345fcefdbb210f1c80e7e272414f808658e

          Download Submit

        • C:\Windows\CTS.exe
          Filesize

          71KB

          MD5

          22069d1278ebf7d1758e20c4b118c39a

          SHA1

          cfd6c00953bc91dfa91a809e99a230b0ad222eec

          SHA256

          c4875ef691c5e0dbcdc5dd700f610042ec63e251f184150eeb3e7ab1dde3c9ba

          SHA512

          7ffbb4fce2779e7dc7ea19773a843eb174eb9e8dfc136a45ce8606c6c1657887f73409bfc780c391fe38dacc56c8a6ca4f84d3656236d631b42ec2946346b61d

          Download Submit

        • memory/1796-0-0x00000000008B0000-0x00000000008C7000-memory.dmp

          Filesize

          92KB

          Download

        • memory/1796-8-0x00000000008B0000-0x00000000008C7000-memory.dmp

          Filesize

          92KB

          Download

        • memory/3340-9-0x0000000000BB0000-0x0000000000BC7000-memory.dmp

          Filesize

          92KB

          Download