Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    17/04/2024, 04:38

General

  • Target

    d21f2f0991f65571c180003ec423d7d3315bd04d1626144edcaa0c6458474837.exe

  • Size

    2.6MB

  • MD5

    d073f75ea0b5dbe8401817845bfe6e11

  • SHA1

    5a57a3a46f59cef4f501332e930ac009b0d0c43d

  • SHA256

    d21f2f0991f65571c180003ec423d7d3315bd04d1626144edcaa0c6458474837

  • SHA512

    54ebe0c60ed27a6dd492116e1ac4049cbb0d2e1e4e9ce6eca9a9a0cf42b5416adeb718462c20f39e1633e7101e902c31630c2cf6271c72d436fb9bae4256b16b

  • SSDEEP

    49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBzB/bS:sxX7QnxrloE5dpUpUb

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d21f2f0991f65571c180003ec423d7d3315bd04d1626144edcaa0c6458474837.exe
    "C:\Users\Admin\AppData\Local\Temp\d21f2f0991f65571c180003ec423d7d3315bd04d1626144edcaa0c6458474837.exe"
    1⤵
    • Drops startup file
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1328
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ecxdob.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ecxdob.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1464
    • C:\IntelprocXV\abodloc.exe
      C:\IntelprocXV\abodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1616

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\IntelprocXV\abodloc.exe

          Filesize

          2.6MB

          MD5

          815669cae02cc2cdef29867db15c4bd8

          SHA1

          49630ee294c9065da3dbb7110170083c9a65d8e8

          SHA256

          299ba18bfff86e10a68e5d9c438bba03736e32471ba02d8e4f7137aaf23dac74

          SHA512

          d65053ee4324a6c5fd3b16fc50dfc78f7a85326f5ded73f8d4a9ed79ab18f8258d6a41164573be11b4184a1620245849525cda52b1585fb4ba7e6ba60a871eb9

        • C:\LabZ8M\dobxloc.exe

          Filesize

          2.6MB

          MD5

          da99b28d4fc916957a129217781706b3

          SHA1

          e5eea03c2f2887a0808e67d7a1f0216db265e0c2

          SHA256

          e38ff85a2f05a7f7ca81b8478e8e0db258052cba44beb7041221b3b830f447e5

          SHA512

          f536f0d7e23c4a6af080f477df934f33f40145c916c9ab4aef24ea4b087ee0c4944d040a10114d8f6b5fe52fd3d1df4fc5bff4c0f7d780b6a6d74bab587e43d1

        • C:\Users\Admin\253086396416_6.1_Admin.ini

          Filesize

          171B

          MD5

          0bda016f2f83c7ef95276161045f1ccd

          SHA1

          6b1f83ace3674734dfc8b586a290bebff9095aaa

          SHA256

          cce3ffbe222fa5c126586d651426ea03eb0f597e677f206618257d06b51e841b

          SHA512

          a87d2f3ec0ffbed1ef64874acad05cb21cd8dae587d471638e57505bf6c65042bf10bf45901634e2a3224eade68ddce24517dc5e06454961c5a5acd69ffc9615

        • C:\Users\Admin\253086396416_6.1_Admin.ini

          Filesize

          203B

          MD5

          d0083eed3b0178bf6e5796421bb5989f

          SHA1

          2d11160348e240acc6829f662f285033c3181ac3

          SHA256

          b3201e363860999302bb32d86874491240462f6225cf8002acff048bb3db3589

          SHA512

          3d5a6e3b7cb57b88229a0c239f5150d03d0113f027c030872556dd706e1cce64b6c012b637132d287c688ae0c75b1f16b39c7038491102ab3f99c1e010ee46b4

        • \Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ecxdob.exe

          Filesize

          2.6MB

          MD5

          a7ee07a7c0a7d4335ad4bdb7814c8a2e

          SHA1

          1b4681c77712c5d79a69686fc5ef14defd56c21c

          SHA256

          525610c8969bee16d90ec604e1a98bfa4d2e406bebc4529bb24d515d08c1624c

          SHA512

          2e6a8f10e194431d50564b0eebe6b74c75e67e3ec5ff312d2c6970d3a2f66272c7ee4b5e730609e4b417558b3b5a5f2fc4f98931cdb766ae530e8b0559acd0d6