Analysis

  • max time kernel
    123s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240319-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240319-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/04/2024, 18:50

General

  • Target

    1298f513bba42bfad3fb53d0792d01b7dfba743b4b2e3ef8d513f77bd5116ff2.exe

  • Size

    354KB

  • MD5

    2f1fdba0569561eea3a201daf15e0cb3

  • SHA1

    59b6826ba5557f4c0a30a36f25c64a6c1cc13cad

  • SHA256

    1298f513bba42bfad3fb53d0792d01b7dfba743b4b2e3ef8d513f77bd5116ff2

  • SHA512

    5a864c095c8e9c300352f0dc2f49c5122f23f6d689a8466c6db5abdfa0a8ffa3767fcdd88fdad6efa28eb5a2e718f063479a27e3561022b09fd6766c6d53db29

  • SSDEEP

    6144:QSdIdBieqRro7/7IN1nvYeF5UfHOx3XD1DkB7nIhWHY:eBrqDQeF5UfHOdXD+Ihb

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1298f513bba42bfad3fb53d0792d01b7dfba743b4b2e3ef8d513f77bd5116ff2.exe
    "C:\Users\Admin\AppData\Local\Temp\1298f513bba42bfad3fb53d0792d01b7dfba743b4b2e3ef8d513f77bd5116ff2.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1372
    • C:\Users\Admin\AppData\Local\Temp\1298f513bba42bfad3fb53d0792d01b7dfba743b4b2e3ef8d513f77bd5116ff2.sho
      C:\Users\Admin\AppData\Local\Temp\1298f513bba42bfad3fb53d0792d01b7dfba743b4b2e3ef8d513f77bd5116ff2.sho
      2⤵
      • Executes dropped EXE
      PID:2900

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\Shohdi.hdi

    Filesize
    354KB

    MD5
    2f1fdba0569561eea3a201daf15e0cb3

    SHA1
    59b6826ba5557f4c0a30a36f25c64a6c1cc13cad

    SHA256
    1298f513bba42bfad3fb53d0792d01b7dfba743b4b2e3ef8d513f77bd5116ff2

    SHA512
    5a864c095c8e9c300352f0dc2f49c5122f23f6d689a8466c6db5abdfa0a8ffa3767fcdd88fdad6efa28eb5a2e718f063479a27e3561022b09fd6766c6d53db29

  • \Users\Admin\AppData\Local\Temp\1298f513bba42bfad3fb53d0792d01b7dfba743b4b2e3ef8d513f77bd5116ff2.sho

    Filesize
    63KB

    MD5
    ea640a8a335b6870ad01287870de3d2b

    SHA1
    78859d20f360499abc11b7c9dc196a85b9d5a3c9

    SHA256
    6e3fb27b9162467623458bb5a9a06155eb0e5a6d3029f9bcbd8507818c720db1

    SHA512
    1b5402d41e704a6d0ed085090a526805e58aba8ed832ed57ef503eb0a41df74fdadda438265d6bcd074a0161aa2a25f4bc8464d529302d6ee3077bdd7da67a81