Overview

overview

10

Static

static

10

a35058ecc1...b4.exe

windows7-x64

9

a35058ecc1...b4.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/04/2024, 01:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a35058ecc1502461d157d5ece9ab25f862fd573f6382a5bade52bbfabbb352b4.exe

  • Size

    261KB

  • MD5

    2cf983f4dd01234c97da4ffaa3f3da10

  • SHA1

    2c03f0181c985489a4c791caf88485f770761bc7

  • SHA256

    a35058ecc1502461d157d5ece9ab25f862fd573f6382a5bade52bbfabbb352b4

  • SHA512

    f673f6d44a4dd33a52ee98b44610761b2a17fd9b0ac4f3acdd618c7880840413dcb9137a545b7159415cc132913ba12c860f3a5ec1802853995bbbc4eeee977e

  • SSDEEP

    3072:SPUHpiKT2t2UHIu05W7SAFJJOUD9cckiKop97f3r8n9t9YgntwIIhN8/1t6kH:/rTfUHeeSKOS9ccFKk3Y9t9YZjo

Score
9/10
persistencespywarestealer

Malware Config

Signatures

  • UPX dump on OEP (original entry point) 20 IoCs
  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a35058ecc1502461d157d5ece9ab25f862fd573f6382a5bade52bbfabbb352b4.exe
    "C:\Users\Admin\AppData\Local\Temp\a35058ecc1502461d157d5ece9ab25f862fd573f6382a5bade52bbfabbb352b4.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1988
    • C:\Users\Public\Microsoft Build\Isass.exe
      "C:\Users\Public\Microsoft Build\Isass.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:3296

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
    Filesize

    761KB

    MD5

    0ffbc429cbe05dbea48d02daa4c258e3

    SHA1

    30190ba0d79073043e353582f2932b15778b119f

    SHA256

    06cc530e482bb3e406659916418253a3aa19b89b70480d41fae3b61538fbc048

    SHA512

    a6139a252f8a39e0d052a7044178354d2e03986a15ebe349a5c38c509f125a5235ea9d4950d72e6322b53478f628b6aa42c120169e15ede6d7b356ebe1448347

    Download Submit

  • C:\Users\Public\Microsoft Build\Isass.exe
    Filesize

    261KB

    MD5

    2cf983f4dd01234c97da4ffaa3f3da10

    SHA1

    2c03f0181c985489a4c791caf88485f770761bc7

    SHA256

    a35058ecc1502461d157d5ece9ab25f862fd573f6382a5bade52bbfabbb352b4

    SHA512

    f673f6d44a4dd33a52ee98b44610761b2a17fd9b0ac4f3acdd618c7880840413dcb9137a545b7159415cc132913ba12c860f3a5ec1802853995bbbc4eeee977e

    Download Submit

  • memory/1988-4-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/1988-5-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/1988-8-0x0000000001AA0000-0x0000000001AA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3296-7-0x0000000001A60000-0x0000000001A61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3296-28-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/3296-12-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/3296-13-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/3296-14-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/3296-6-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/3296-18-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/3296-19-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/3296-27-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/3296-9-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/3296-34-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/3296-35-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/3296-42-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/3296-43-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/3296-54-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/3296-55-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/3296-64-0x0000000000400000-0x00000000016A8E52-memory.dmp

    Filesize

    18.7MB

    Download