Overview

overview

7

Static

static

7

4504523446...06.exe

windows7-x64

7

4504523446...06.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    158s
  • max time network
    174s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09/04/2024, 22:24

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    4504523446b0862036a0241874c7dd06.exe

  • Size

    1.8MB

  • MD5

    4504523446b0862036a0241874c7dd06

  • SHA1

    7e81aebdfc0f8b18c387e0407ad5a3b0ecb27014

  • SHA256

    80970f31e8615a1378974fcc5ac66675183921fca3151c8ac70e4ed343a65dea

  • SHA512

    06098f597dfd26e6a6a46b4c135e8fcebd73f598044dff6a724ca0e0974c9f849dcb8582a16e371da6f0edec468ce0ecf97837333442fff81db980c54488b2c4

  • SSDEEP

    24576:sSLffye2tDL5LPbC5RqRt/o+XcNFg34RBF15FGrMQi7dRwKl+7VE3BKPlgYD5tW7:sIPGHffXj8pnQiw6KV4KPlg8gfPLtvP

Score
7/10
persistencespywarestealerupx

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 12 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 10 IoCs
  • Drops file in Program Files directory 15 IoCs
  • Drops file in Windows directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4504523446b0862036a0241874c7dd06.exe
    "C:\Users\Admin\AppData\Local\Temp\4504523446b0862036a0241874c7dd06.exe"
    1⤵
    • Adds Run key to start application
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2228
    • C:\Users\Admin\AppData\Local\Temp\4504523446b0862036a0241874c7dd06.exe
      "C:\Users\Admin\AppData\Local\Temp\4504523446b0862036a0241874c7dd06.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:3064
      • C:\Users\Admin\AppData\Local\Temp\4504523446b0862036a0241874c7dd06.exe
        "C:\Users\Admin\AppData\Local\Temp\4504523446b0862036a0241874c7dd06.exe"
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:2452
    • C:\Users\Admin\AppData\Local\Temp\4504523446b0862036a0241874c7dd06.exe
      "C:\Users\Admin\AppData\Local\Temp\4504523446b0862036a0241874c7dd06.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2556

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\Windows Sidebar\Shared Gadgets\spanish beast hidden .zip.exe
          Filesize

          1.7MB

          MD5

          36c242682742148205e63e606e027cbe

          SHA1

          b2419e3a32b32dc71e182d46929f6b9cccabdc54

          SHA256

          078bd57ddf064649778e85f63507d92d61fe2c394dd5842b17ace86892a020db

          SHA512

          ac67d32e3d034d7958d3776c0373d37081e55b2975e4b6688283c41e162d7ae6784de3cd8a2368c798a21949ac02d08577c60b09233f3a67e1f4756de001b749

          Download Submit

        • C:\debug.txt
          Filesize

          183B

          MD5

          2eebf5724a55d16c96113222ecd83e2b

          SHA1

          5f94f46a348359f39302fbf8dccf52962daecbc2

          SHA256

          ec0e2a4e5216a8e09a4dee9f991140e93d76fab2a1ad4f192d1708a89f2e45ac

          SHA512

          ef3698f559d1eb62a2a977e3341da0263a94b591d0b77822474cbecf54e5c87fd483d6fff76acdcd5a208aeecc54e8443a50e23c1553db6e5506c73e3319186c

          Download Submit

        • memory/2228-94-0x0000000005470000-0x000000000548C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/2228-8-0x00000000051A0000-0x00000000051BC000-memory.dmp

          Filesize

          112KB

          Download

        • memory/2228-0-0x0000000000400000-0x000000000041C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/2228-35-0x0000000005470000-0x000000000548C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/2228-85-0x0000000000400000-0x000000000041C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/2228-88-0x00000000051A0000-0x00000000051BC000-memory.dmp

          Filesize

          112KB

          Download

        • memory/2452-34-0x0000000000400000-0x000000000041C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/2452-93-0x0000000000400000-0x000000000041C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/2556-36-0x0000000000400000-0x000000000041C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/2556-97-0x0000000000400000-0x000000000041C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/3064-9-0x0000000000400000-0x000000000041C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/3064-92-0x0000000001E60000-0x0000000001E7C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/3064-90-0x0000000000400000-0x000000000041C000-memory.dmp

          Filesize

          112KB

          Download