Overview

overview

7

Static

static

3

c410a8cd43...2e.exe

windows7-x64

7

c410a8cd43...2e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/04/2024, 02:34

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    c410a8cd43d9ec90819f94018c6da82ef108a5eb7eec7d356ea25b132745252e.exe

  • Size

    449KB

  • MD5

    c8cb9086adaa8f151842abc75b841f17

  • SHA1

    46021888a5e6ee2d9ccf08dff903105f2099d549

  • SHA256

    c410a8cd43d9ec90819f94018c6da82ef108a5eb7eec7d356ea25b132745252e

  • SHA512

    f104e854eb541021e671d32dfab6081c338f4f1c618dc0c644fd54d61695af71229e746ca47da2ed71d68bb15308632dd3e9d7d099e207f39d6368d5a522cc5c

  • SSDEEP

    12288:Zv1nWdQP1EDhZPxXv1dJR2fO4OwmE65b7n:Z9ndEVfXvfJR2fvOM4X

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Program Files directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c410a8cd43d9ec90819f94018c6da82ef108a5eb7eec7d356ea25b132745252e.exe
    "C:\Users\Admin\AppData\Local\Temp\c410a8cd43d9ec90819f94018c6da82ef108a5eb7eec7d356ea25b132745252e.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2236
    • C:\Program Files (x86)\Microsoft Build\Isass.exe
      "C:\Program Files (x86)\Microsoft Build\Isass.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:4708
    • C:\Users\Admin\AppData\Local\Temp\LE_c410a8cd43d9ec90819f94018c6da82ef108a5eb7eec7d356ea25b132745252e.exe
      "C:\Users\Admin\AppData\Local\Temp\LE_c410a8cd43d9ec90819f94018c6da82ef108a5eb7eec7d356ea25b132745252e.exe"
      2⤵
      • Executes dropped EXE
      PID:1956
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3496 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:3584

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Program Files (x86)\Microsoft Build\Isass.exe
            Filesize

            213KB

            MD5

            a47fbdc908d37bc65874433ac8968adc

            SHA1

            1ec41ce39832a12614e13ca2adb072f5d7811ae5

            SHA256

            fb2753c9eef5b95ee367d5cbbb17e71308e6619f5edd0679e8c0acd58eeb19d3

            SHA512

            e20f79aa318f865d2bbb4284084a445a080fa97642cac29c52f2a7bf95c318db460cdc29118a896e26324a042dfd9870a8570ee3d681f1bb6210019a79de088d

            Download Submit

          • C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.exe
            Filesize

            693KB

            MD5

            e143e296a6903db94268f4b36f9013f2

            SHA1

            296d99f22ed95e3d01a122604820c7f0f85265f8

            SHA256

            3e19324ba20699a442f1d07ebc3c2352113980e55209224c00b344689ff1003a

            SHA512

            9ce929955c56f30e18fc6dd62c484ca51de0732cc2375e696eab0b387019449028aee6ff5b80dba0927cb1ebe4b70c848837445dc2bd9c915e4752da3f31364e

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\LE_c410a8cd43d9ec90819f94018c6da82ef108a5eb7eec7d356ea25b132745252e.exe
            Filesize

            219KB

            MD5

            e2312f199976d03a7cf41e453c5af246

            SHA1

            c723bf05f7132c9b66c4f91d6cc363d08b4ed622

            SHA256

            84fe7824717bb55d7f32c7487e37012a1bc6cd4c8c0202be4bfb07e770f8dc51

            SHA512

            a5cad97d8bcf893b79eed436ae8df232d7e53df86a0ed38b381c128c5d8c76c0caad41407ed564f2ea2725236eb98ea6d29413886ea22371920bf2b498b49686

            Download Submit

          • memory/2236-16-0x0000000000400000-0x00000000016A7000-memory.dmp

            Filesize

            18.7MB

            Download

          • memory/2236-1-0x0000000003650000-0x0000000003651000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2236-0-0x0000000000400000-0x00000000016A7000-memory.dmp

            Filesize

            18.7MB

            Download

          • memory/4708-20-0x0000000000400000-0x00000000016A7000-memory.dmp

            Filesize

            18.7MB

            Download

          • memory/4708-30-0x0000000000400000-0x00000000016A7000-memory.dmp

            Filesize

            18.7MB

            Download

          • memory/4708-18-0x0000000000400000-0x00000000016A7000-memory.dmp

            Filesize

            18.7MB

            Download

          • memory/4708-19-0x0000000000400000-0x00000000016A7000-memory.dmp

            Filesize

            18.7MB

            Download

          • memory/4708-7-0x0000000001860000-0x0000000001861000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4708-21-0x0000000000400000-0x00000000016A7000-memory.dmp

            Filesize

            18.7MB

            Download

          • memory/4708-24-0x0000000000400000-0x00000000016A7000-memory.dmp

            Filesize

            18.7MB

            Download

          • memory/4708-25-0x0000000000400000-0x00000000016A7000-memory.dmp

            Filesize

            18.7MB

            Download

          • memory/4708-6-0x0000000000400000-0x00000000016A7000-memory.dmp

            Filesize

            18.7MB

            Download

          • memory/4708-17-0x0000000000400000-0x00000000016A7000-memory.dmp

            Filesize

            18.7MB

            Download

          • memory/4708-44-0x0000000000400000-0x00000000016A7000-memory.dmp

            Filesize

            18.7MB

            Download

          • memory/4708-47-0x0000000000400000-0x00000000016A7000-memory.dmp

            Filesize

            18.7MB

            Download

          • memory/4708-56-0x0000000000400000-0x00000000016A7000-memory.dmp

            Filesize

            18.7MB

            Download

          • memory/4708-65-0x0000000000400000-0x00000000016A7000-memory.dmp

            Filesize

            18.7MB

            Download

          • memory/4708-66-0x0000000000400000-0x00000000016A7000-memory.dmp

            Filesize

            18.7MB

            Download

          • memory/4708-67-0x0000000000400000-0x00000000016A7000-memory.dmp

            Filesize

            18.7MB

            Download

          • memory/4708-80-0x0000000000400000-0x00000000016A7000-memory.dmp

            Filesize

            18.7MB

            Download