Overview

overview

7

Static

static

3

ad89c3c45a...98.exe

windows7-x64

7

ad89c3c45a...98.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-04-2024 23:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ad89c3c45a1c7b2cd177cef9889ec598.exe

  • Size

    74KB

  • MD5

    ad89c3c45a1c7b2cd177cef9889ec598

  • SHA1

    81c4a97904798220f23249ed43f57db8d35cc34f

  • SHA256

    65ae24ce822b4acbcc0b9f83b8cd4594492b3d47fd5deabdaffe64f8d361f47e

  • SHA512

    1e477fadd535df7efb565bcc033bccb8e6bde6c853c7461f5e9e2f60e4cd940d71272f55b46b6992ea33268b99a0d00fe2dcaa1634faae66aee52bc6dc2b699b

  • SSDEEP

    1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazTkc:ZhpAyazIlyazTkc

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ad89c3c45a1c7b2cd177cef9889ec598.exe
    "C:\Users\Admin\AppData\Local\Temp\ad89c3c45a1c7b2cd177cef9889ec598.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4892
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:1232

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
    Filesize

    392KB

    MD5

    598b13e3686d91b5a9abb8f2de15da9a

    SHA1

    c9c6b8a19ee58b7efdee6f734955e91056e3fce5

    SHA256

    df9bf672b1e68af251ace512582c359b9216c065bf958fe74acbfb6c0c38b471

    SHA512

    f349a8dcc3efde53ab7d0562ab1329560a046de5bce2c1762aa04442ed6cac248bb6ddf0f650e75d6b7a7fd486a7f3c2f08be3e9653b3390c9d7dd9feda24168

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\r5crIMnBKgOqE5a.exe
    Filesize

    74KB

    MD5

    6b99d13977b80be61bce5bef19062591

    SHA1

    c885af6af1fe0a9bf7b5e46049fea640cd34a9f4

    SHA256

    57f082365760018e8f299f56aff675f664cd7a58604f2ed4c84615030f51f8af

    SHA512

    e270dd3a09c7b435b2c7696d352cdd8efdc4ab5e4f4519f55510496eb7d5654d4f69cb6e6d67b5abc60e3b633b56fc8535695497fdabdfcd1fd9994dcb2fae70

    Download Submit

  • C:\Windows\CTS.exe
    Filesize

    71KB

    MD5

    66df4ffab62e674af2e75b163563fc0b

    SHA1

    dec8a197312e41eeb3cfef01cb2a443f0205cd6e

    SHA256

    075a6eecd8da1795532318f9cf880efe42461f9464d63f74deb271d33110f163

    SHA512

    1588dd78e6e8972013c40cdb6acfb84c8df7b081197233ce621904b645356c805d0424bb93dd46c55834dc47d9ff39ee1323cf8e670841b3fff24ab98ba87f25

    Download Submit