d1f8ff2c4f72cafbde48901e8177cf3e2e1ef250c5f1cb32c4fffe3dcd2b25e2

General

Target

lastpass.exe
Size

3.5MB
MD5

bb6cf106f25aa639329511c4d500caca
SHA1

2d0e10b727ed3cb6722987d442d6a7f12ece73ef
SHA256

ada3cfaab920820817bb1090d9d03c8610c41b19344bdd05d662d86c1c505be9
SHA512

b8a46cdcbef01a17b4eafad9bd98f55006d54d9f00a5506a63bee96de0923751f1fd4a15a33ac7d1907e6f0bd350760685a89ccaed6bedbcdc4e18bfe778efa3
SSDEEP

98304:eFwajyjKhvmnbay0Tw1YldVt88O2RJ6LqL58Re8F3q:eF3SKgnm7w1YldQ8O2naq98Re23q

Score

6^/10

evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	lastpass.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	lastpass.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2136	lastpass.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2136	lastpass.exe
2136	lastpass.exe
2136	lastpass.exe
2136	lastpass.exe

C:\Users\Admin\AppData\Local\Temp\lastpass.exe
"C:\Users\Admin\AppData\Local\Temp\lastpass.exe"
1⤵
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
24dc5a795133839a5228c4b68b7c7d43

SHA1
0302168c236974a01a0fd9edd48b2df8a6b2c6db

SHA256
c1f001f16255cce111b8b469c1dc231bb0948ed8e0142cc8de57edbc70b739ca

SHA512
66d98ddda06a54c238dca28763b9fe44365236291c9af851c77f2d1fdacd915ae73baf035b45435cb4a8eddd36970e392d02ca746aa10cd1046d5d24e563edc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e22ea11b9ea25da7ba72f56a0e3d43c4

SHA1
a97863f9671dc04c68bb2439b1438cb7a103de5b

SHA256
c81bf8fe43aaa7b5d2e94a3c7f7fbfd555d78fdfc9507698860cc60cf75a2fd7

SHA512
0410811fc7062e9c0e2741e241ffec44138e1b9347e5312824b8429bd1dd7e1a7214a06a3f82535710673ebf1c6e386c330f186d2a65afabd4be37bf6a4d4527

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
42fa5e383e8065878dc0a53623799e37

SHA1
09c8d3713710954389836c8a17e0e3a7515baef2

SHA256
f207d938a84d5fa1dfb2c1cb70a46cce2864727db495efd58688f9cc5b6afa60

SHA512
48d1572a2addb9d2eeb800878d3542f1520638616efc74224cf53af6d70c9127bd6a5a243cd469a3ea3e7dd0ea8c99c776f809fcc0ad3db9df3a69e5f7bc71e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
17f4c810e1e5bf1c81e7c90aea052142

SHA1
0bdaef9c3af6a20c9b661fd2588bc328d6ea61c2

SHA256
e0a68d9796fd24d456a61f2b44df11c53ce035fd5fdb87c1983ae0ee4d703bb7

SHA512
55efd8c728d0a7601fff85fd9977e8d8a576c870e5a87a695fef1875abefd3c10a64e32efc24da0bac4d86882277865c159ccd0952ac11bfe6a75cf6e9b370bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f7873088a0107c95bbf02d03c7d9cc01

SHA1
d10a686a3256781bbea2bb83e772a0d67e55b52e

SHA256
be6bdc07cbe9b6de6ff9a00e8bc00888f14e733b784be9ef3dc8585ad6f58b55

SHA512
57aa3ee62f7768144fbb787eb57d3657541dca08007eead2290f34c3b1b8ad16850802dffbd26c33d0a4674f7a025cd8b48b8a7d66a265168de27005e1711ee6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ffafeb13cdbe600f61134ab82e1eb44

SHA1
c65935fa10128cc731769028bc6e7ac0c395d4e9

SHA256
ccbe4cdf07b82a0747d054f2775a37e0d0a162ae52f6fc102f782e8090373473

SHA512
c5169b9569eebe078c44a9a011f07da333eac6e467a832ab5a6fdaa407e24b7e958334eceb3d9adb0cc6be61eb05da6dae1b6a6be7529357fb4d7a0ec070dcb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE00A.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
memory/2136-7-0x0000000002EF0000-0x0000000002EF2000-memory.dmp

Filesize
8KB

Download
memory/2136-6-0x0000000000100000-0x0000000002EEE000-memory.dmp

Filesize
45.9MB

Download
memory/2136-330-0x0000000000100000-0x0000000002EEE000-memory.dmp

Filesize
45.9MB

Download
memory/2136-331-0x0000000000100000-0x0000000002EEE000-memory.dmp

Filesize
45.9MB

Download
memory/2136-336-0x0000000000100000-0x0000000002EEE000-memory.dmp

Filesize
45.9MB

Download
memory/2136-342-0x0000000000100000-0x0000000002EEE000-memory.dmp

Filesize
45.9MB

Download

Analysis

Sharing