Overview

overview

7

Static

static

7

cd7195f3c5...60.exe

windows7-x64

7

cd7195f3c5...60.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/03/2024, 07:14

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    cd7195f3c5e432b8763692905fb71460.exe

  • Size

    36KB

  • MD5

    cd7195f3c5e432b8763692905fb71460

  • SHA1

    a8e4e13fa77dd88fe1f3efb2164c053aa417bb55

  • SHA256

    0aec74298dec4002715bf250180c36f997067458a7d226121326931f3393e6b5

  • SHA512

    0478080416c0fb31df3bbac6190ef484159d198f5fb1dc1ee03ac4bb97bdd7c808018683d48e500a465ad5267afe06425d5a8f2dd6c4ea211fab16de6c4b66cd

  • SSDEEP

    768:X8Q2ZDX3LKew369lp2z3Sd4baFXLjwP/Tgj93b8NIom46+I3rn:s9Z3KcR4mjD9r8226+yrn

Score
7/10
persistencespywarestealerupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cd7195f3c5e432b8763692905fb71460.exe
    "C:\Users\Admin\AppData\Local\Temp\cd7195f3c5e432b8763692905fb71460.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3028
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:4460

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
          Filesize

          358KB

          MD5

          69faa73168a28d84490d8b2c9e518679

          SHA1

          e04f6067b9be7466e2a4e39e449bcbbac9b07947

          SHA256

          de78c4c1087af701fcb00e1ddd0b29132537fe85199028adda57d8eb671e9283

          SHA512

          358881dfd696e5f3a9b0ee0e6de804b3e65cc9fce5a9b723fbb1c606637c3eb1dd9523bb848214a60d9a4b2500e83def99a8edd6c49f5564a34a3588ac535194

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\I4k2577c7qmo6VH.exe
          Filesize

          36KB

          MD5

          fb17dd1dbe96e43a066ecbd414c4f28c

          SHA1

          702c9733f4f64aa7749e6ce363e1908984b0c56b

          SHA256

          92b5ac33ff7846b8f6e383bc398c4eb900f386838ecc270104aded4d627de9c7

          SHA512

          0d3898bb0504170700a23d007b5679f81f5a74769a5ef158d6ba0b03f13e507a005836bc7dd4400e4b1ebf8f0e54e5561e862487d243ad3aab2e2c2a8b03c57a

          Download Submit

        • C:\Windows\CTS.exe
          Filesize

          35KB

          MD5

          93e5f18caebd8d4a2c893e40e5f38232

          SHA1

          fd55c4e6bcd108bce60ea719c06dc9c4d0adafa6

          SHA256

          a66c4b98becac2f69cb107cd087d7a2ca9ef511bc3b83367b1f440f11dd159a8

          SHA512

          986583610d27caae2080834301d072557c5d2c85e33f0d19ab1245d7eae8db146397461572ddb3d491be16f3af210720d54267dac838fdad8fe34afa3d6b7f54

          Download Submit

        • memory/3028-0-0x0000000000290000-0x00000000002A7000-memory.dmp

          Filesize

          92KB

          Download

        • memory/3028-7-0x0000000000290000-0x00000000002A7000-memory.dmp

          Filesize

          92KB

          Download

        • memory/4460-9-0x0000000000DB0000-0x0000000000DC7000-memory.dmp

          Filesize

          92KB

          Download