Overview

overview

7

Static

static

3

f9eb4e8114...51.exe

windows7-x64

7

f9eb4e8114...51.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    29/03/2024, 05:22

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    f9eb4e8114e84f8dbd34fa1d2098e974ba0c10aa1debfda07a3b7ac57d0a3d51.exe

  • Size

    80KB

  • MD5

    76a52a8d224cf6a597cf639e8f098f53

  • SHA1

    82e2dafdad7d7b26dbaa26123b8627060d77e147

  • SHA256

    f9eb4e8114e84f8dbd34fa1d2098e974ba0c10aa1debfda07a3b7ac57d0a3d51

  • SHA512

    2b94f2e1cce9d697b99c8b8a4a47e1bc5f5e0450a27b562e9bf554c9856b7451340555a15ef9a40c4e6b8f8c97e103fbc5c4594946c69ad78b4d060f78fe4039

  • SSDEEP

    768:JNK2cNW0QbRsWjcd+6yBFLqJ4Z8qx70RM8/O/B2Z9tRQS:pcNjQlsWjcd+xzl7SMQQS

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f9eb4e8114e84f8dbd34fa1d2098e974ba0c10aa1debfda07a3b7ac57d0a3d51.exe
    "C:\Users\Admin\AppData\Local\Temp\f9eb4e8114e84f8dbd34fa1d2098e974ba0c10aa1debfda07a3b7ac57d0a3d51.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2916
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:2912

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\IZfAycIdyPmpzio.exe
          Filesize

          80KB

          MD5

          f935492b1a2e1bfe48a1aaa973652fc9

          SHA1

          ae3e711f7a8c2ab262df6219369d328868c4cebe

          SHA256

          849493977f5fc8b920d9ffb3e49908b059706e012782ed527371657045276122

          SHA512

          a18016c5e9600d5a8234d5fd1a12c0b584d6d4aafbbca645acb916210be73a9ace83af60dd9e8c1c2194af74d44f902a65a55d46f8359a5ca29485e27d6353de

          Download Submit

        • C:\Windows\CTS.exe
          Filesize

          80KB

          MD5

          ec704028ad7125c2fa52e04dc68c0ca3

          SHA1

          2a63f27d0138696c9c27a9ea2534e8f2ca11ddc4

          SHA256

          5f77a5d7c9eac3b004820646dece450e315a6e3ed320dc183ae68d59cd2318bf

          SHA512

          a008a08c980583b8698431ca44fa45d5565fdc5316dc3e58c47ae523e7a7a776162979b0c79f9c64f0b71e0d98fb49102679378354f76c270d0c99207c15d160

          Download Submit