Overview

overview

7

Static

static

3

c3621af29a...9d.exe

windows7-x64

7

c3621af29a...9d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    12/03/2024, 12:32

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    c3621af29a5d5c92637a78caeea6be9d.exe

  • Size

    526KB

  • MD5

    c3621af29a5d5c92637a78caeea6be9d

  • SHA1

    9a4e2e488809c81fc1c257e4c6fffb4b75b36f19

  • SHA256

    536065e717af02f098e2e9ae288c1012e374ca7d82d3e5eb77a4b3df16b7fa3f

  • SHA512

    8946613b7e8bf637db0df0b7232c2ed574c498819fc04242ce52ead431b4f614c5ea18ef265ae6eb0e0f91dab866604279c0e1f477a24421eeecd2340addff6e

  • SSDEEP

    12288:5UXW75JFlEU/mMJxdETZ88LtGOsjhMN+88:qXoXoU/FoxpGOF+

Score
7/10
spywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops autorun.inf file 1 TTPs 3 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c3621af29a5d5c92637a78caeea6be9d.exe
    "C:\Users\Admin\AppData\Local\Temp\c3621af29a5d5c92637a78caeea6be9d.exe"
    1⤵
    • Drops autorun.inf file
    • Suspicious use of WriteProcessMemory
    PID:2856
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://187.33.1.241/registra.php
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2880
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2880 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2740
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\auto.bat" "
      2⤵
        PID:2556

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
            Filesize

            67KB

            MD5

            753df6889fd7410a2e9fe333da83a429

            SHA1

            3c425f16e8267186061dd48ac1c77c122962456e

            SHA256

            b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

            SHA512

            9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            2d5d0a1398fc2dcf3e3b6e6ab9901a9d

            SHA1

            2ca9fca67cfcbc8ba613ab86f14443c761171b77

            SHA256

            b92bedcd614fa069ea1b45d0e49db6f94684a8043272fc834172128a825cb82c

            SHA512

            32f8e39c7f6dd220f0d7e8fab9a1bcb864cc9e95d655fa7008ebd7cb5a99e9476f5b56cba9d806106f78e557c295bd221a888809c9078db009c2b4105839666a

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            02d97ba0c5e8b47aa30419c640d26a84

            SHA1

            c44c898cd3760175a3d72b4563cccf00028a3c5c

            SHA256

            ca90946a304ec68ca3a095085a157646d8ee50736ee6d1b9d00e1fb6a6aed364

            SHA512

            71281f59d3d265bfba24eddcf77a3eb29885a73485456f58085c14b31f77eb68bfca7f0ded6698f8be5e4fff9b798eba5b90cdc15fd26281edc63d7139b674da

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            3d1eb9511c1c201e11a2fcba3d0d53a2

            SHA1

            16e21e591f9bf247e8901949467fb729e0857ad9

            SHA256

            4534b4ee9a89c1f364e8dc9f0f530aeb507b44faa9e0c28b8ee5fea38c2d9a32

            SHA512

            6f2bf070f5c52ef3ccf5dcbab3bb12277ac0e2c3f655ddee80f7e0d72b3651774324cbe20593ba637898a602b1477d5136ef77c212b646c24ed11f6a73cab9ed

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            5b44d23ca348c3264696dfb0e078b0c6

            SHA1

            d73bac53809a35f2998e23763ad931f54cfbf4aa

            SHA256

            c1ad0e32539b3baa84d63a847d4312aa0e2a34dfcc977c9b24e8618e185afb71

            SHA512

            ac8ea3821573dc7d30301300396ff4f950a6753a1fc28361cfeba33d97c3024f070c7613d8ac7b5ea4c61f83d8f4be313c2990f1baf65c205900452cb4a4c3a0

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            172eb311c9043fa3dc20dff1e1395480

            SHA1

            3a30e86fc3f175ffb11ce95bba1d53d50d8843f6

            SHA256

            4abcc46b0230b831b31a05be9c80bec3be46aae81607c3541c033a55e6f07eaa

            SHA512

            f77cda39dd56b954739453de2edfe5688cb1ebcc2ab3b8781fa4ef67dc802b71d70cace7dc4cb06eacb63d0ff82732b514859cdaf97116256cb36d4a0f24fccb

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            dfca314d63581b0574c14583e3143aed

            SHA1

            7403a27bba8ff84c72f8e6f0583bf1ff4672aa56

            SHA256

            8eb6e3aa782bdd87742b5e7de5c83d633cb1453bb67f68469fb7da29a545567c

            SHA512

            bcc754ec7662e8ef700e7eeefa77a8d67dc8a548de9706560b1c8ddd033c23f21e427881622252bb3e189527b11146d51f9d57218e74cef91ce218799c29758f

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            718a582e3af5be1df7d2190bf353d7e1

            SHA1

            41b80397d32611946779084e24110920291dcd30

            SHA256

            68bbf3cb022b0de07b10acfa59edcf2ffb39a697d4660007364098257c690608

            SHA512

            9a5f308f6c5e5f3b7a1cb374359e2c8312cebc948d93e8807a087601f3ddabb9ca2e889c29725c7cd917f357a921a246c7d5570c692954c18ec85fe5662aa7ec

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            3392c18f12eed403e1fe95b0b606637e

            SHA1

            6074f97152f51b67086b442af5f2957d31f55fc9

            SHA256

            14da39d736fb61c6cab956e29d8e2db5bacd36816619561117829661bbda9a92

            SHA512

            da9d7f24e99955308589461f1b400825a1d638973f24dcb28afaae2aed9032993eb4109af70fde5dcb0c0bbf2148a1ff580fe4f094b9a94637fbbe3ff886ca57

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            198c5a24df79e62c363a504baf532eca

            SHA1

            ed31defe0781170a25e7c3362c4a7af0adcb2415

            SHA256

            1820ce47549ad414d7328876291ae90ce72ecda8ace5d7b3259ec85a231305a8

            SHA512

            8acd5651875b16f097de63c1ff841e9600aec284fadb2a7eb531f85fbf0b304eac62c6d20ba4e0770d76f2fbf34928641fe153f724b3ad757923047f09a4b223

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            81a1d04271313bdec5a516b53cb76efc

            SHA1

            b2d01005c66469f11b72c760c8e85349a8dafbf9

            SHA256

            75cd32c55b72f7e8301add329e7a649b250585fb1a219ecf3fdf3b74f821e251

            SHA512

            2c39aaa460a8a30f2cac3d8fdc5a792178d469993ae544b8554242bb2dbb2b229873b5a03fb5a8eec98137ca9233c4ca6b0bb159a62c3a5725bb16a1409d23fc

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            64b78e67c007991a1176a3af619544dd

            SHA1

            bef9e81bab0a2e3aec569d8381df580899c7f043

            SHA256

            3580b86b17cd33fbd983cf432f8415232d1f0accfc561b91f1f6d47f9db14c4b

            SHA512

            b72372cedda651d532f15380b4eed9e36a4aa1e0b4d5d333fdf60d0703574d24f670bdb70fadda89fbe464040d36d8ac41eb444d7e1f2a947cb8d7cbf246ffdd

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\CabD491.tmp
            Filesize

            65KB

            MD5

            ac05d27423a85adc1622c714f2cb6184

            SHA1

            b0fe2b1abddb97837ea0195be70ab2ff14d43198

            SHA256

            c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

            SHA512

            6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\TarD61E.tmp
            Filesize

            175KB

            MD5

            dd73cead4b93366cf3465c8cd32e2796

            SHA1

            74546226dfe9ceb8184651e920d1dbfb432b314e

            SHA256

            a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

            SHA512

            ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\auto.bat
            Filesize

            269B

            MD5

            ab7adb09ac062dc40e60b90493d360dd

            SHA1

            cfc1cf8e4df4ecfd804f765c7f3f346208863675

            SHA256

            0886a88bda78c6a65a02c4e9c60aed5b51ac4c8c8e03ed35e9aa585256ad7354

            SHA512

            7656d98e105f9b24b02d7f23fbf3f03c3d5561f13dae24c278f32605a3e0940e98bf722dd6afe76f0c061c5a4abea7b0ecb11b52b35e72f79eb6244f1d45cea8

            Download Submit

          • memory/2856-0-0x0000000000230000-0x0000000000231000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2856-16-0x0000000000400000-0x0000000000489000-memory.dmp

            Filesize

            548KB

            Download