Analysis
-
max time kernel
344s -
max time network
320s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
10-03-2024 21:59
General
-
Target
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Security Central/[email protected]
-
Size
904KB
-
MD5
0315c3149c7dc1d865dc5a89043d870d
-
SHA1
f74546dda99891ca688416b1a61c9637b3794108
-
SHA256
90c2c3944fa8933eefc699cf590ed836086deb31ee56ec71b5651fd978a352c9
-
SHA512
7168dc244f0e400fa302801078e3faec8cdd2d3cb3b8baaab0a1b3c0929d7cf41e54bfbe530ad5ce96a6b63761f7866d26aaae788c3138c34294174091478112
-
SSDEEP
24576:bnQv6Dyxn2Qx0KHizHWKxHuyCcZFyXR1tG:2OE2QtCzhh/7R
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 4 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file 37 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates connected drives 3 TTPs 21 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext 2 IoCs
-
Drops file in Program Files directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of FindShellTrayWindow 11 IoCs
-
Suspicious use of SendNotifyMessage 11 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 22 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\Security Central\[email protected]"C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\Security Central\[email protected]"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\Security Central\[email protected]"C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\Security Central\[email protected]"2⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Security Central\Security Central.exe"C:\Program Files (x86)\Security Central\Security Central.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Security Central\Security Central.exe"C:\Program Files (x86)\Security Central\Security Central.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
904KB
MD50315c3149c7dc1d865dc5a89043d870d
SHA1f74546dda99891ca688416b1a61c9637b3794108
SHA25690c2c3944fa8933eefc699cf590ed836086deb31ee56ec71b5651fd978a352c9
SHA5127168dc244f0e400fa302801078e3faec8cdd2d3cb3b8baaab0a1b3c0929d7cf41e54bfbe530ad5ce96a6b63761f7866d26aaae788c3138c34294174091478112
-
Filesize
128KB
MD59429768964bd07953c1753f632494e7c
SHA172408e7e2c8ef4078298c8bd0eef3ea883d74b07
SHA2561db2fa21ea97373809bcfb831653e8fda0d561d7b44974020390aedf054c9ffb
SHA512a35c5276b70484a95f780d81746ffdc547f550ef15ab6e06ae8fde94a69a06efb9415e64938fc056d39ecef093dfef65d03e5b3fb8a8d0c5c7b912e409ddb5ab
-
Filesize
704KB
MD5c4a5e1c56f3d0ac2e8769c5804cf7716
SHA112044d2e8166c03ada750308389c42e1ec400ed0
SHA2568fc82eb9a4b47a5a41f12be86d369da616e33b6d2ed7b61b01f8c3b1add0793d
SHA5126bcf642aa14dca8982608b97ffb442a77e8761afce1389da8286f09b7b02eb94e879ebae6b97982bc9c540e0601c0820b852ea5eca5ec918712af77b19898565
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
4KB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
4KB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
4KB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB