Overview

overview

7

Static

static

3

d17b250f6e...8c.exe

windows7-x64

7

d17b250f6e...8c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/04/2024, 03:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d17b250f6e76ae9e8ec4067c6b5170cbd7704db874002e5f056fd2a103bc5d8c.exe

  • Size

    167KB

  • MD5

    ca906b44524c8c6a6acbadcbd58e8e4b

  • SHA1

    1ac0ec167dd08b68c8252005145aa1d9799b450b

  • SHA256

    d17b250f6e76ae9e8ec4067c6b5170cbd7704db874002e5f056fd2a103bc5d8c

  • SHA512

    63d7f4c0d41d9cad23ddfcc04d8ac7b76970fee33a563451a8bf937db1ec347bff65bc1640589c5711bc5be3d2650fd1bb4e5835095270002cedd3231da7535c

  • SSDEEP

    3072:qKtfDwsjPThTYszDH2fkCd80wrsEAfWBNQ+d+SyhYWi1XC11If:BtfDwsjPThT5zL2MCdVfyN1TtWcCo

Score
7/10
spywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3604
      • C:\Users\Admin\AppData\Local\Temp\d17b250f6e76ae9e8ec4067c6b5170cbd7704db874002e5f056fd2a103bc5d8c.exe
        "C:\Users\Admin\AppData\Local\Temp\d17b250f6e76ae9e8ec4067c6b5170cbd7704db874002e5f056fd2a103bc5d8c.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:3504
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a2C01.bat
          3⤵
            PID:1376
          • C:\Windows\Logo1_.exe
            C:\Windows\Logo1_.exe
            3⤵
            • Executes dropped EXE
            • Enumerates connected drives
            • Drops file in Program Files directory
            • Drops file in Windows directory
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:1076

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files\7-Zip\7zG.exe
        Filesize

        742KB

        MD5

        793dec82b142716bbda405263aa30966

        SHA1

        cd739ef7e41059319265ca315081db05cc6f9d7b

        SHA256

        92022b75e715b89252a1244236cf89a18b46ef1f1cc15d451ca00d74fd15b638

        SHA512

        e9e8e062a26a18525ff4c63b52840a18ec5d5e247a889a869a2f34979bb83d88282fe630eabf5103e56af4581b70ab14da478de1ed75865ffe3e950500e8ee86

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a2C01.bat
        Filesize

        722B

        MD5

        67b9667ccbad23e19912aba0e9515b5a

        SHA1

        690c2458fad92d4d8a81bbcbdb3052913b3be3d2

        SHA256

        5833cde20bc6524c90b6dfdc31eb1f1d0022a1d90878a223c64fa8cb4d3d2049

        SHA512

        b873b922373ec9017107b82000ea1de06060a96b870c76c69a7c9b19b86a0ee68db8d92b026df7f1955dfc49306fd7a6d46f1d8ee4565f474e130b531093366c

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\d17b250f6e76ae9e8ec4067c6b5170cbd7704db874002e5f056fd2a103bc5d8c.exe.exe
        Filesize

        109KB

        MD5

        21dd2539e63faea27741f4b071fa8673

        SHA1

        86af0d01ac3878ce9ed678ec2137b4714d307256

        SHA256

        b0b4db7c66bdb13ed175df2137c482905e9d82d402135251889602f61fd7dba0

        SHA512

        5f7005322b4f6beadce8aab8ffba3b7e5ca3d9edbde62fcfd4a74972ef731925ea256f1d68a412579486c3c86817c7cdf1b20959412e4a0e8561c7567cbc21fb

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        58KB

        MD5

        80254d88a6d0e7dd4cadf27173eb6441

        SHA1

        a2675641d291de43e5edce49a845bb2c5440f1a5

        SHA256

        6a1b32b1bca5eaff9215e5159cf40c60ff48e6a72934bbc06c1e1fc7e567a8b3

        SHA512

        97be4946cdc40c36764d0e3d6f611b24c17b29b89d53ca0f47e3c5616149ac09df79fb3f967d5f4a22fb76219661586f6f219bd6de080d9ccfcb5785945536c4

        Download Submit

      • memory/1076-223-0x0000000000400000-0x0000000000422000-memory.dmp

        Filesize

        136KB

        Download

      • memory/3504-7-0x0000000000400000-0x0000000000422000-memory.dmp

        Filesize

        136KB

        Download