Overview

overview

8

Static

static

3

a26eec0721...22.exe

windows7-x64

7

a26eec0721...22.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    13-03-2024 09:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a26eec0721818db2ad84f35ee462d22099f66c9908915a49caac2e0853724322.exe

  • Size

    294KB

  • MD5

    5ec2491722718661c3e3051c80ca898e

  • SHA1

    cbd74c3de82457f7f6d97175272e7ed25de29c05

  • SHA256

    a26eec0721818db2ad84f35ee462d22099f66c9908915a49caac2e0853724322

  • SHA512

    18131d835943858301f12931324e3fdc0a87c5d65800bcecf45f0727db04f46eca387f795b6115626151933b0703ac8bb91029ea6f1a0a1b5e9bd1dbec23a511

  • SSDEEP

    6144:fpMM6VnmffCpJipZQeNai17Y56rKnBfWhve:CXmfaXiHQeN/7YkrWBfWhv

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a26eec0721818db2ad84f35ee462d22099f66c9908915a49caac2e0853724322.exe
    "C:\Users\Admin\AppData\Local\Temp\a26eec0721818db2ad84f35ee462d22099f66c9908915a49caac2e0853724322.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2836
    • C:\Program Files\Internet Explorer\IEXPLORE.exe
      "C:\Program Files\Internet Explorer\IEXPLORE" 212.33.237.86/images/1/report.php
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2856
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2856 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2948

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe
    Filesize

    440KB

    MD5

    502c4e9edcf5f9f2779eb5fcc7a6a5b4

    SHA1

    fa22ea07357f059834121da48f4429c857915ca9

    SHA256

    23464e23a7eccc1d174fa6fe12bd1569a883e875c0548637846ead1d0ea4bbf4

    SHA512

    642390849c495fc12761cf8476348f8007f3fb7e5c4f89b898e9494b1729e47d7a84051a8c0488edbbdb9aff383fea6167bd724ca8e1a83cbfdd70b4ef770d09

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3e4dec505690f777b56d7115bcf18d67

    SHA1

    c9047c1afb40317c93283c4865a938dd3aeb5e89

    SHA256

    07f343cfed5866558cbe2775ea9f3783c2aa83c54d805368aa99acb589a3c84a

    SHA512

    2bc21712b22194127168ddc684bf0608661787af094a8e31478f1fa287e2c9ff035e5292bc77ccc8d833953f066bc10245f01c86369256a9dff2a6c6c74b4025

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c5645baee44b515085aa80f53056cbe3

    SHA1

    76dd02cad5e777a8c43051b13834e13050a1b1f7

    SHA256

    188331475ee5243e486bebfa0b0ef3065cc4c7c562bb19dc4338b9b9d2a5d0ae

    SHA512

    dc2a164438c1ead675eba856fddda198be22d46ecb667661196e7a93f4624fbca7bd329828bd96cc1bd4dca69cc2c6de2ab2d4f7a7d3f79a93e9f182236ca52b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6aa3d4bb9d32f6ceb0a9f7349c901e7e

    SHA1

    3217e5812457379388bd5a14f5a9de6ce6e28556

    SHA256

    82805a8f1bfd4c5d578ffe93d0ae46a8d4b6619064eea765754368b216a4eca1

    SHA512

    26c210a05a0210daacb952bae2ac3302d3b14f1001eb065b8e06b529f0a0b28abda60df0759702d394f639b153b4bd460ce5d2d7f2e5935f3cd2a81b705a78b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    95eeec5eb91e53001d3fd8dc4d87f686

    SHA1

    53375dd22bc5ed58a93f2d9c635104d89c014539

    SHA256

    cbdd2bfa5d9723f6f4cbf47cccac7d5c95ffa0b4e63f8a5ad4be88847e4df65a

    SHA512

    04a065074dc424f9527cc7fa06d2729e9e0db10a796479633fda9b8381439b8c4874f942b7c5ac7439253e5ca6f9cc53932039cc5a50757907c9864f7df5973b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5e5912fe37c5421c6dab82bf680076af

    SHA1

    7bf5de9d223500c1fa2ebc325497715c815fa732

    SHA256

    4991484e58fde4ab021282e32e48be8a20ee4777d503b4674ae942fe36a35285

    SHA512

    91e03ec04a11e7ea0909489cba2006ef91481b1b05ddf4c1a2139b43954981c40843762b5c136aa299b00d86fc67573c2f1a9521be1184ee8eeda3a67e92d67e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6a01198c683f58996489b4cc23415402

    SHA1

    c8edfd354ca19c184812c0ea2c1c0969e67b8a1c

    SHA256

    8e6c7b5037090d1bec6f867185ba10fad56a7229411838cd3c04dbbbf10d1534

    SHA512

    f1ba36968723da1e2fb35c617f157d3d7441e93ee32eebb6e08865deee30d99a24bf0cb8e9d39d96f30aa327880424e3e2378380d61ad03439bb488ffe165c2e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cc1ec9341f65aa8d923a789f3e1c4104

    SHA1

    a0896e1850e301a4c5d684b9bb1688d0a729b9cb

    SHA256

    99d1288b774f8d458246c6a01fc8825cd144ed41ed41ffa3bd102578840f1dfd

    SHA512

    9154f1034ea806736cdd271f2fc3f47ce3f03088b56341745608d8014c407ec89e11982c912bc0d9643adec52842ce360262aca26048e135a48f972ce1e8e49c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eb3fdd3ba777a3e848c307397359d07a

    SHA1

    6f31c9c121566e77887a4071b9b29c21cb9d811e

    SHA256

    11ec4275c67db991f055a312aee95412e2f535afb9eeabdf79e2fc6048c30914

    SHA512

    b81c5f66bc8944a91e8af8b94f3d0ec2df43be5c7b99d1295a567d9412707f4c0dc5eae11c0c01a3ccf4a135256b8c1f5e0d372653246cf167b86993f80d2a09

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b416339ce236a2d2980a32185c1ac298

    SHA1

    d31109ab0817d7c47d449bcb2e57751558ecf312

    SHA256

    414ca90bffb06066440010f73897422ecb5f20e4a39fb630464d7c717ad2b01e

    SHA512

    69fee4dee768dc7c5548c44a41d4fcee8d3d7d5b400a6fce747067d56af1f7170cd98f190c2f920ddd85ccc2f8fced27aa22ded472ee6c355f5c3e3fcb063975

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b154fc3747cfd6b168ab4ab58081f121

    SHA1

    739af694079c74ca598b8a1c2f6df5f39820a836

    SHA256

    593a4eaf1512071b0fe8eacaecc8571e32df6b2ef22907f01e1389a8abfb8197

    SHA512

    a7829af10757186d16523bdf6cc2402e35d9c34af4a072f9961a5af822971b19d7bfeaf3f2e5f29034d1e7c00bfb8e14faf27eee9a91a06b2f58d7a424912fa4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    373be9dbc7af125c17b0f17319167f7c

    SHA1

    8104da082678465e5671cc77fb2df439705c37b6

    SHA256

    e0c95537aa5fda499c2fe140f42f97af9c763acfc31f6c2ba599802e29e50b3b

    SHA512

    0847fd55c9dfd415738044208e014db8247b18f32b43687cc0a40196f99a7b796bdddc6608365f26d72a432357eeb74fb2e5ba198848cef7547e12fd7a68b542

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab83A3.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar84B2.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit

  • memory/2836-0-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2836-3033-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download