Overview

overview

8

Static

static

3

a40361bdb2...1b.exe

windows7-x64

8

a40361bdb2...1b.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    12/03/2024, 00:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a40361bdb25f5655464314cf7739dee528298182d28271df8b78e9c069a5851b.exe

  • Size

    1.8MB

  • MD5

    fe2abc67dbbadf24babb8d8d57ada549

  • SHA1

    14b7616bb646498f859c393b6840358cdf810057

  • SHA256

    a40361bdb25f5655464314cf7739dee528298182d28271df8b78e9c069a5851b

  • SHA512

    17174cce75ae8330acffac3865ff4196f36524658de0798485f6bb7f9d844117273f092efd26429f0a15efa6a3d98d6a71d2448fd21d253f781f504be57c2d0b

  • SSDEEP

    24576:j3vLR2VhZBJ905EmMyPnQxhe42LwvHYgUBoHDC/hR:j3dUZTHaLAl

Score
8/10
discoveryspywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a40361bdb25f5655464314cf7739dee528298182d28271df8b78e9c069a5851b.exe
    "C:\Users\Admin\AppData\Local\Temp\a40361bdb25f5655464314cf7739dee528298182d28271df8b78e9c069a5851b.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2852
    • C:\Users\Admin\AppData\Local\Temp\a40361bdb25f5655464314cf7739dee528298182d28271df8b78e9c069a5851b.exe
      "C:\Users\Admin\AppData\Local\Temp\a40361bdb25f5655464314cf7739dee528298182d28271df8b78e9c069a5851b.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2956
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2668
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2564

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    da971084b8d3ffe141c5859069f0e3d8

    SHA1

    f89cbed934627d95c0f3f8fe4f4b81dbd7746b35

    SHA256

    ff3720b877b4140702119d590f9b0af674a991c35e016af3b8436e776a3fb84c

    SHA512

    d473c727147a203e6e69cb5aad7313733f36af813bba07e1e870529d34b81116a90d58aa72fe3a3130e3b1ad24f560f098c1b3c3c7080cdc20ea41a16ad21665

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c0ab593ac4209e16f0b04a91cc29bb7f

    SHA1

    6e9200bdd826d52744aac0ce493d15aed068f057

    SHA256

    570b82fe5854a52f7af26781a9cc4d7365441f99f7e260db47c8429935c842b6

    SHA512

    f5dd224cbb3ddc68f92aeba15d06a4719c2a1ba63ea0b0b8bf35e2f4872080422c575b7ac2e61b7a8e2f45a16e2120d70640123284830d23070310d7986538ca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c2bf52ac1e48814fc34257c8645eb8b6

    SHA1

    9c130f39ed6e6eed35f5db3e044a878c1c7b493d

    SHA256

    076150899748f8f6d261b5fceb95c3b7c678d46aa1e3015435caf64ea321e792

    SHA512

    5c23c2cdaa7f8eae92c3d19735d2ab9c7781fa336fe17d768789571c872bd966bb870c5b880312f636243e049db9f9f2111565d220158ea0fdb69cabbd9a8cb7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    35aed4b9085e0ac24f86918a95822a8b

    SHA1

    fc8b9074eca3b5ef62e6bbfc06259c002f50bd31

    SHA256

    25ef5225a17668a8bbd137a40c78c52791dc613a278a2f249a790b230c40bc54

    SHA512

    c63955d808340da56c0c23c38315d596f3f393cfeb339a9839bbda8b110e3d6bd47f6a04a98f6ce3a57c792cbb030e701698d14336ca05c76382bd1da9dce38b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bf9d17f330f7c4b52ab6c8772518e056

    SHA1

    b4c69d64581f17a78d236823504915cb82f3d1f9

    SHA256

    e684fb937a99e450b3fa678761661c59410fa1bf407e5a66b42b02f6576333d0

    SHA512

    8aa09ed55ec61e36237578410d0811d1771455d1880bd0962a4ebf275c8b672c65983c4b4e2201263d02c2d7a5800558aee88d9e36d40265a9eebe1e153d2f14

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    29280785a9c29a6cec01ac15cd1cfba3

    SHA1

    3fd21e905d0cb036db791c880c36474e22bc03df

    SHA256

    3614f8c7156d8b07defa50aceeef2c5ca43ead1e1a61ed1f90b74944532a7dde

    SHA512

    62ef9e4b6006cecff557665afaf41a8d682c8fc8593e9567616bbbbb61452afbb323dfeb25784375131af7ce1714a065b024822fa02cffbe9c6a5f651fc46eb1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8452cf4911261fc44ce94b7cee938256

    SHA1

    4f7ef69b38b4959cd62c7ef2335aa4c68c484b42

    SHA256

    5a9305d5f2dcbb4a201b94e4b21da81ab89e285652b5849c2c6c932859c49cd2

    SHA512

    dd899118b240389bce7bdfbdfa73b777e1fcd055933e11e066075ca02ccc08a086c2804237fd15076d15dd98fa8cbe9901257bb91e12a611bdeb8172741d84c2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9e94375618fa32ae1e7e52d936403a71

    SHA1

    6c98c2b5f5c84958555ec8282b158922cc1b7068

    SHA256

    2b6fa256225a7a5cf981f67bb5c02eb30d7117d890782a53be973db42d7bb958

    SHA512

    3bd87f10fb8178ebbd7f9849e5588b0ee7e0cb276e2750c6bf5ebcdfd83f14a48bf703a87dd9d122837fed99f6f5521124ab33c4f161b2feabdec00d8549afef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    96691731235fa09c8930118df275ae85

    SHA1

    d9e35aaec5c7f1c8e35db4eb6fb05abd5373b497

    SHA256

    ae07d74c8f5cffef43542c3b694d82baf4d7b2d193fc81cbcd3aaa51a8abe623

    SHA512

    b1a3df314218cadc851416ec1c5ad3df5b2f5ddef36765ca7e66cbb38e6061adb004415a135404e395591d3a7e28e3370a5ab26eed14a02242126d789c0c8f9d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ce553e6ed3f67b9433571b4e07d56463

    SHA1

    7cb82da06719a859ed10184a67dc415863503a13

    SHA256

    1357e8aa023203473cae14717270c3e6ec0624bf6a4018b564ae4cbb86e89e88

    SHA512

    b2182206de6319d3764c724570c0a8b50db8b632e40ac69457da73ed52491055848803e382a6b16c754e6db9c16c26ef5eda1c14313d79eebb60e76fff090d8f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d8479b9746f06d996acc0aaa102e26f7

    SHA1

    b9c68413241e94a3e7050c6467e1f26be938d4b3

    SHA256

    7fcd906d769a24f68f9bd38f0774664233d439c1def9e96f97e51c6be4b2c01c

    SHA512

    26f7b85a4c1ea76fd3708f9a9ddee5ee023aefdc07a45878650e04bea6a5686b8982c07c7561dcca020112b39bb55a24312b602e033076fd11df4a08b6fe87bd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0fd56c7a6345a184bb909e9adc7310eb

    SHA1

    a77e0aac48051989710478fc4b06500bd8994090

    SHA256

    292c2b38ba09bf30035657145b4d1c681297046887c5a401a243d8a26bab7670

    SHA512

    bff27ffb95563a6351ee52d0309b07ae543ff5b2da952c0d4a02cc19f6677639ad2e5284318ded61ad63ce78014747cda2edf65fec618a5b3f044c6d032d67e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7a0444d5d1b547ec65a7e4d4cd595705

    SHA1

    df5fae0f00073f25b4a20bf9bfa23e9712e0676c

    SHA256

    9b6f312b708165a2ac63dc9ad838afd165d94397f6bf58af83223fd63d313af4

    SHA512

    cdcf5a8579e46d825fe73d5eecc26c55b95dfea48be7fd38bbf9c5154d64ecc828b3e0dad67cafe83b9ef23d194f89d702368cb023301139b52e6dad1d487428

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab8402.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar8743.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit

  • memory/2852-1-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2852-0-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2956-2-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2956-5-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2956-6-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2956-7-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download