Overview

overview

7

Static

static

3

3ac5377906...63.exe

windows7-x64

7

3ac5377906...63.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    161s
  • max time network
    171s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/03/2024, 01:57

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3ac53779069431944ac4f1b744e2e5c6b0a94ccc8dc73a038d0b2eb159158f63.exe

  • Size

    1.8MB

  • MD5

    ed80d8a90816388ce6606d25bde093e6

  • SHA1

    6675972f9186a524ace402d17ce10d3288badb15

  • SHA256

    3ac53779069431944ac4f1b744e2e5c6b0a94ccc8dc73a038d0b2eb159158f63

  • SHA512

    189c06b66130245744e4b3470ab600f11244550f7a32a803a9ca018766f2b56ba8494dda2c2d2307a3c91df25dd7309bfc6240ec2b0f65ca761ef8807ec380c5

  • SSDEEP

    49152:vx5SUW/cxUitIGLsF0nb+tJVYleAMz77+WAg/snji6attJM:vvbjVkjjCAzJREnW6at

Score
7/10
spywarestealer

Malware Config

Signatures

  • Executes dropped EXE 8 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in System32 directory 11 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies data under HKEY_USERS 5 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3ac53779069431944ac4f1b744e2e5c6b0a94ccc8dc73a038d0b2eb159158f63.exe
    "C:\Users\Admin\AppData\Local\Temp\3ac53779069431944ac4f1b744e2e5c6b0a94ccc8dc73a038d0b2eb159158f63.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:4900
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1596
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    PID:1232
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:4576
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:3968
    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:3084
    • C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:3036
    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
      1⤵
      • Executes dropped EXE
      PID:2888
    • C:\Windows\System32\msdtc.exe
      C:\Windows\System32\msdtc.exe
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Windows directory
      PID:1924
    • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
      "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
      1⤵
      • Executes dropped EXE
      PID:2112
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1320 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:2644

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe
              Filesize

              2.2MB

              MD5

              e0b94a6b00279c61825515cd7df436ac

              SHA1

              50bd2fc5aed46bd9a1e35ddfd89aeae15bd98d7e

              SHA256

              4ba22cecdee539becc940d2934edaff802d31f82b3b7bef04e4711e7bcbf66f7

              SHA512

              cadf33b6450852a33ffe1c6c21db8cd48f198b2c6f6e0c2e1768550c16bac67b973678085a3ffaccdd5a386e985b3d61a74fd780811dbc24220e9db015d500b9

              Download Submit

            • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
              Filesize

              1.4MB

              MD5

              f791ec0457682bddc4031e48315ab7b7

              SHA1

              308d2db74ea95939a7cac411a502e166ff15f756

              SHA256

              1ba3785672eb69c6baa1760d96b4da47eadb0eec357b52d7d777e20b7f7d8fb8

              SHA512

              e0a2999b4615c7c88c8f41595736ee03f8daa9093911cf2781a9afaa4434f57a00b0ad39cb919811250ddbdd1d85fe9fcc8ca74bd37862c6372b584f7695d6b9

              Download Submit

            • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
              Filesize

              1.4MB

              MD5

              cfe8f9452b0cb54d1ad7617a606979b3

              SHA1

              62e003c91f2e91dfacdeed91a6173ecbcf52ada4

              SHA256

              177b1b2a50b9236dda12fcd4f6290999431d7dc4d1771940f36e3bc219f52444

              SHA512

              c2a5440095c43738c5229410315c08f35c1932f775d934ce17fd92356eead8ef1403711477404b9af412ac5b7a1611427493980f9eea068a246653fe70174e6c

              Download Submit

            • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
              Filesize

              2.1MB

              MD5

              5ad3e3c558f2192c08b0e1834ce82895

              SHA1

              2f84c0fe0bad23b3aadb090948de507b5f6c3c33

              SHA256

              1e35d349c9b7e5a747075e0ff461b30fac4519ad55ceb73bba0d7cf795aac061

              SHA512

              ec55192a8e2c971cec945d7c9a7eccd4728a539a6d474cc81be2dad8d951cd6119dbf1ff692178a55b1b091d65157fb170742cf9e6f2998eb53b1f1eed23647a

              Download Submit

            • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
              Filesize

              1.3MB

              MD5

              b46a9da9a9d819fcdccf8bf3f61a3761

              SHA1

              f1e3fcaf2401fc901a2c47aca9ee7de9f5764798

              SHA256

              c151bb37594164ea3dcc32c752668913ee62aa16580050457bf6dfaec670f0fb

              SHA512

              b8a7e8b20f391930124c57d59d4da7244d2f664956c5bd68dbba9e7697de48a644a2272a8122c53e6f8b503ac57d85a5d2a68def2781e07c61c6ce9fd07e1319

              Download Submit

            • C:\Windows\System32\FXSSVC.exe
              Filesize

              1.2MB

              MD5

              e9f774da350b8a13cadfbfd18fccb71f

              SHA1

              6ec17334d7b23565c6a0cce1fd65a0874a12dc2f

              SHA256

              bf9361b0863da59270b9c5d1cf547385c355f0d43b04da3e64f785f60407f8c1

              SHA512

              d95ba8eedd29f237726ea8fa41f7e3af8510e0de1ff26a29a95b4d2e0a5f9f528ba605954f0b86dad6c4f08d9ae034b9435b9d2e17e2be66e9ab3ff91d28470f

              Download Submit

            • C:\Windows\System32\alg.exe
              Filesize

              1.3MB

              MD5

              8d4977de19a691424b69eb5e05812ea1

              SHA1

              e815b3784c383c08806a62e8a5bf6b3f9b905f2f

              SHA256

              ed6e391f5ef03cb64d6229be9553dbe836306f75ff0363d103dfcb64612eddf3

              SHA512

              e83e55d72e139c37db1561c07736e8e7bd1e6e00d1f9a9fadb13f32ad848a4d3379711e3202bcfe41412c14305d778a0f0ab240a92254047a89f3b05e320fc0c

              Download Submit

            • C:\Windows\System32\msdtc.exe
              Filesize

              1.3MB

              MD5

              93ade95037c0979a59fdf604743740f4

              SHA1

              d59468771a0ffa76bf06b849e5412deef1377d94

              SHA256

              ef08dac7fbb0f2e488c20d0c3e3784cfa5dc2bcaae859a738dd53b84f5013778

              SHA512

              87cc09aea38acf3796024923d5fb4791b1862163c3fd7ce5ae92ea474da5bea79353e51a5ef9fb9cbe9c58c19e9723e74c3b805faf2ff815f31fd2a417127135

              Download Submit

            • C:\Windows\system32\AppVClient.exe
              Filesize

              264KB

              MD5

              078b46021d3ddea0d657840db323931d

              SHA1

              20b1e4bddde13ed17d5da94cb9f7a97279160c90

              SHA256

              e1195b5e20105a580930d6cc31727f45ea56ce6e7a672ef06da5e4e0ff8c5d40

              SHA512

              3f1c57a4bac1fcbd3d33425a7efb5022b14c6b8ba3d5bddf42bbcf8e3c7beb2f0dac2fc4560dc333519e6ceaed51333bea21aa96dcc8b0d070df3de18e1bf514

              Download Submit

            • C:\Windows\system32\fxssvc.exe
              Filesize

              31KB

              MD5

              01281e708fca667b89f14285f850f86f

              SHA1

              6df72cf4215a07d254f86ac2095afe8748808e05

              SHA256

              5b3a33452e44d80aad16a3f3e8ea899dd5e84c17ed45f359cf8fa1e9acd90224

              SHA512

              9f1e2be71e6baaef0c7184f200b863c7d208102a0262a3149f5bb42b321624cc2a6a5a1fe188579510e6c743f42be7b372c513cb421c8c458beb5496876187aa

              Download Submit

            • memory/1232-159-0x0000000140000000-0x000000014014A000-memory.dmp

              Filesize

              1.3MB

              Download

            • memory/1232-94-0x0000000140000000-0x000000014014A000-memory.dmp

              Filesize

              1.3MB

              Download

            • memory/1232-95-0x0000000000690000-0x00000000006F0000-memory.dmp

              Filesize

              384KB

              Download

            • memory/1232-101-0x0000000000690000-0x00000000006F0000-memory.dmp

              Filesize

              384KB

              Download

            • memory/1596-20-0x0000000000500000-0x0000000000560000-memory.dmp

              Filesize

              384KB

              Download

            • memory/1596-12-0x0000000140000000-0x000000014014B000-memory.dmp

              Filesize

              1.3MB

              Download

            • memory/1596-143-0x0000000140000000-0x000000014014B000-memory.dmp

              Filesize

              1.3MB

              Download

            • memory/1596-13-0x0000000000500000-0x0000000000560000-memory.dmp

              Filesize

              384KB

              Download

            • memory/1924-332-0x0000000140000000-0x000000014015A000-memory.dmp

              Filesize

              1.4MB

              Download

            • memory/1924-160-0x0000000140000000-0x000000014015A000-memory.dmp

              Filesize

              1.4MB

              Download

            • memory/1924-264-0x0000000000710000-0x0000000000770000-memory.dmp

              Filesize

              384KB

              Download

            • memory/2112-337-0x0000000000420000-0x0000000000480000-memory.dmp

              Filesize

              384KB

              Download

            • memory/2112-336-0x0000000140000000-0x0000000140170000-memory.dmp

              Filesize

              1.4MB

              Download

            • memory/2112-246-0x0000000000420000-0x0000000000480000-memory.dmp

              Filesize

              384KB

              Download

            • memory/2112-239-0x0000000000420000-0x0000000000480000-memory.dmp

              Filesize

              384KB

              Download

            • memory/2112-238-0x0000000140000000-0x0000000140170000-memory.dmp

              Filesize

              1.4MB

              Download

            • memory/2888-154-0x0000000000C00000-0x0000000000C60000-memory.dmp

              Filesize

              384KB

              Download

            • memory/2888-151-0x0000000000C00000-0x0000000000C60000-memory.dmp

              Filesize

              384KB

              Download

            • memory/2888-144-0x0000000000C00000-0x0000000000C60000-memory.dmp

              Filesize

              384KB

              Download

            • memory/2888-157-0x0000000140000000-0x000000014016B000-memory.dmp

              Filesize

              1.4MB

              Download

            • memory/2888-147-0x0000000140000000-0x000000014016B000-memory.dmp

              Filesize

              1.4MB

              Download

            • memory/3036-290-0x0000000140000000-0x0000000140245000-memory.dmp

              Filesize

              2.3MB

              Download

            • memory/3036-139-0x0000000000890000-0x00000000008F0000-memory.dmp

              Filesize

              384KB

              Download

            • memory/3036-131-0x0000000140000000-0x0000000140245000-memory.dmp

              Filesize

              2.3MB

              Download

            • memory/3036-132-0x0000000000890000-0x00000000008F0000-memory.dmp

              Filesize

              384KB

              Download

            • memory/3084-118-0x0000000140000000-0x0000000140237000-memory.dmp

              Filesize

              2.2MB

              Download

            • memory/3084-116-0x0000000000440000-0x00000000004A0000-memory.dmp

              Filesize

              384KB

              Download

            • memory/3084-123-0x0000000000440000-0x00000000004A0000-memory.dmp

              Filesize

              384KB

              Download

            • memory/3084-269-0x0000000140000000-0x0000000140237000-memory.dmp

              Filesize

              2.2MB

              Download

            • memory/3968-128-0x0000000140000000-0x0000000140135000-memory.dmp

              Filesize

              1.2MB

              Download

            • memory/3968-112-0x0000000000E90000-0x0000000000EF0000-memory.dmp

              Filesize

              384KB

              Download

            • memory/3968-106-0x0000000000E90000-0x0000000000EF0000-memory.dmp

              Filesize

              384KB

              Download

            • memory/3968-105-0x0000000140000000-0x0000000140135000-memory.dmp

              Filesize

              1.2MB

              Download

            • memory/3968-127-0x0000000000E90000-0x0000000000EF0000-memory.dmp

              Filesize

              384KB

              Download

            • memory/4900-124-0x0000000000400000-0x00000000005D4000-memory.dmp

              Filesize

              1.8MB

              Download

            • memory/4900-244-0x0000000000400000-0x00000000005D4000-memory.dmp

              Filesize

              1.8MB

              Download

            • memory/4900-1-0x0000000000BA0000-0x0000000000C07000-memory.dmp

              Filesize

              412KB

              Download

            • memory/4900-6-0x0000000000BA0000-0x0000000000C07000-memory.dmp

              Filesize

              412KB

              Download

            • memory/4900-7-0x0000000000BA0000-0x0000000000C07000-memory.dmp

              Filesize

              412KB

              Download

            • memory/4900-0-0x0000000000400000-0x00000000005D4000-memory.dmp

              Filesize

              1.8MB

              Download