Overview

overview

10

Static

static

10

c3a7fb5e0f...5b.exe

windows7-x64

7

c3a7fb5e0f...5b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    12/03/2024, 14:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c3a7fb5e0fb80c3baf74c3dcdad6f45b.exe

  • Size

    1.2MB

  • MD5

    c3a7fb5e0fb80c3baf74c3dcdad6f45b

  • SHA1

    73c0551396292b065851d44b59541b23affab955

  • SHA256

    2ea9c58182188372eaef8e142bbebb1016cadb552bd2ac9307da940a97b21e1b

  • SHA512

    403ec879be6f4dcc5a71ca7c223c4c7492a2ac983fec3175a8e042ad63705c9ccd2de7d29a5129b1169feedd7cb97815fa99ab9e53f805f798fb39830e65cf9e

  • SSDEEP

    24576:yzd9Sm6s3SB4VbhzGcHb0bBhXxtyesOlU0YOTAXnA91IV7HExDaI/:yzTSmvdcwb0VhXHlrTKA91IV7HExOI/

Score
7/10
spywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Uses Tor communications 1 TTPs

    Malware can proxy its traffic through Tor for more anonymity.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c3a7fb5e0fb80c3baf74c3dcdad6f45b.exe
    "C:\Users\Admin\AppData\Local\Temp\c3a7fb5e0fb80c3baf74c3dcdad6f45b.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:756

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar266C.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\a5fbb300.zip
    Filesize

    22B

    MD5

    76cdb2bad9582d23c1f6f4d868218d6c

    SHA1

    b04f3ee8f5e43fa3b162981b50bb72fe1acabb33

    SHA256

    8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85

    SHA512

    5e2f959f36b66df0580a94f384c5fc1ceeec4b2a3925f062d7b68f21758b86581ac2adcfdde73a171a28496e758ef1b23ca4951c05455cdae9357cc3b5a5825f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\tmpC1E1.tmp
    Filesize

    324KB

    MD5

    42b6ce8bb3ad66d7f3e0863d22608c35

    SHA1

    9deee3167fa2f489318f531319992b2be354f164

    SHA256

    c32e10b9ef6de348421b6842bfce8991557f8d2e3cd2c09a0c1012e731cadbea

    SHA512

    75bfedc8e5b6ec769900fff64b0a0453d8b9a23ba851bb2c1dda0a0c84d78d63b1b8d6fbb42f7ca3a84b604952e58ca4767bb28e3d6d98566894cb920d6bb8c7

    Download Submit