Overview

overview

8

Static

static

3

577d279233...b8.exe

windows7-x64

8

577d279233...b8.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/04/2024, 16:18

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    577d279233966a02e9138dca03af6f91490609153583d16286f4d1bcc9b4dbb8.exe

  • Size

    48KB

  • MD5

    01b6d7a32917e448f5030b937210f372

  • SHA1

    9f4645587abb30bbec12f2824ccb3859ecbd852c

  • SHA256

    577d279233966a02e9138dca03af6f91490609153583d16286f4d1bcc9b4dbb8

  • SHA512

    06b188acd7da4d1af68bfb363f3af32d9c09741b5a2cf0cec1c9fdcd22b698073098e0cd3495b63dfb3616022a1a44513d49f8919b224b4122765dd3558a720d

  • SSDEEP

    1536:2dKFaYzMXqtGNttyeiZnZLYm1pHqaNrFd:2kFaY46tGNttyeQLYm1gaNpd

Score
8/10
spywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 2 IoCs
  • Drops startup file 2 IoCs
  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3424
      • C:\Users\Admin\AppData\Local\Temp\577d279233966a02e9138dca03af6f91490609153583d16286f4d1bcc9b4dbb8.exe
        "C:\Users\Admin\AppData\Local\Temp\577d279233966a02e9138dca03af6f91490609153583d16286f4d1bcc9b4dbb8.exe"
        2⤵
        • Drops file in Drivers directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1948
        • C:\Windows\SysWOW64\net.exe
          net stop "Kingsoft AntiVirus Service"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:4720
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
            4⤵
              PID:3360
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a4DB2.bat
            3⤵
            • Suspicious use of WriteProcessMemory
            PID:2812
            • C:\Users\Admin\AppData\Local\Temp\577d279233966a02e9138dca03af6f91490609153583d16286f4d1bcc9b4dbb8.exe
              "C:\Users\Admin\AppData\Local\Temp\577d279233966a02e9138dca03af6f91490609153583d16286f4d1bcc9b4dbb8.exe"
              4⤵
              • Executes dropped EXE
              PID:2096
          • C:\Windows\Logo1_.exe
            C:\Windows\Logo1_.exe
            3⤵
            • Drops file in Drivers directory
            • Drops startup file
            • Executes dropped EXE
            • Enumerates connected drives
            • Drops file in Program Files directory
            • Drops file in Windows directory
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:2008
            • C:\Windows\SysWOW64\net.exe
              net stop "Kingsoft AntiVirus Service"
              4⤵
              • Suspicious use of WriteProcessMemory
              PID:2136
              • C:\Windows\SysWOW64\net1.exe
                C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
                5⤵
                  PID:1104
              • C:\Windows\SysWOW64\net.exe
                net stop "Kingsoft AntiVirus Service"
                4⤵
                • Suspicious use of WriteProcessMemory
                PID:2356
                • C:\Windows\SysWOW64\net1.exe
                  C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
                  5⤵
                    PID:1720

          Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
                  Filesize

                  258KB

                  MD5

                  51ed9ab4efc7af69072f0b0cb33c7d4a

                  SHA1

                  bf7c12afe6f8eb95355d92485debb16a073f8aab

                  SHA256

                  532277e916d51a2e40e8f87b54298b6353873329b42e2d944c47457b1c415df0

                  SHA512

                  01973dcd43cd0f1c1765db75c7c6ea533e2bf47bae1001f43b3f5fb46f6f3d80af6e299d082e46e753c237cd5961d8e67a11f1c056768db75e4c3106c20fe4fc

                  Download Submit

                • C:\Program Files\7-Zip\7z.exe
                  Filesize

                  577KB

                  MD5

                  cbb1f86115a657aa6b80cc9b5eca89a2

                  SHA1

                  1664d7aa6421dc55ac22747179a7c919eb02091e

                  SHA256

                  fc1aba78b4544f8c4ef2e02106884e526b7aa33f7c1794c256f6f3a8c1fa2576

                  SHA512

                  09e91e10c6e4256ac7b830c4feb0e5b1a48dc1e455c3cee4fd6d6ed1a30d2d650fb5c0875064e986ac7b6d9b3b0fadbbde4549a99fc2b69efd48cbf41b269041

                  Download Submit

                • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
                  Filesize

                  644KB

                  MD5

                  51c1eb02821359551eae62ff451ccbb4

                  SHA1

                  917e11eb8a26a033a330a9cee5c5207d0da1109a

                  SHA256

                  9afbb3fd781ea931d8bc856c768fe7af7e440e9f7a29950b5dca44593f0ef04f

                  SHA512

                  062f0c32d3d9b46fc670512a818c88919bcc90a2f7f5bd4910f917a96c42527fd6c28117c366cb66cd6bfa3ec64f5a43aadcaa4bdad01c8d45eb2bfe2c85f5ee

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\$$a4DB2.bat
                  Filesize

                  722B

                  MD5

                  1e9b8b34f282fd4eebf5eb7f36611879

                  SHA1

                  85760c9c0bea8bb985573b9d41f2989862fb31a4

                  SHA256

                  acf5f73a3b68b64c9a3849d19654870232a1c963f0acff61606b5ef3d92e2657

                  SHA512

                  b443908da2836bdb3562a6e48bf5c48aeb34706a2d1ed4e8fec6966801edb2dc3ec68cab3f7a93f507f3a5f84a6c869325dfbf7440286c43705c0c33055b9bdb

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\577d279233966a02e9138dca03af6f91490609153583d16286f4d1bcc9b4dbb8.exe.exe
                  Filesize

                  14KB

                  MD5

                  ad782ffac62e14e2269bf1379bccbaae

                  SHA1

                  9539773b550e902a35764574a2be2d05bc0d8afc

                  SHA256

                  1c8a77db924ebeb952052334dc95add388700c02b073b07973cd8fe0a0a360b8

                  SHA512

                  a1e9d6316ffc55f4751090961733e98c93b2a391666ff50b50e9dea39783746e501d14127e7ee9343926976d7e3cd224f13736530354d8466ea995dab35c8dc2

                  Download Submit

                • C:\Windows\Logo1_.exe
                  Filesize

                  33KB

                  MD5

                  190cfb52ec885264fac6f6fa82efa51e

                  SHA1

                  a2557e755b37d73f39dc8de59ca7ae37e9e7efee

                  SHA256

                  e8c435b1a8b093137bc740c8dbf3cf4c7e2e647d7d5d5b7637700349c74bfc09

                  SHA512

                  df39c740cb59f101d20f6e6b1e50e74345d68a5bc1afe6cb1ff2951559fae570e1ee0926862c8eaf91f92f5e3c32179b19760942c1a39f3df20e9778745f8b8c

                  Download Submit

                • C:\Windows\system32\drivers\etc\hosts
                  Filesize

                  842B

                  MD5

                  6f4adf207ef402d9ef40c6aa52ffd245

                  SHA1

                  4b05b495619c643f02e278dede8f5b1392555a57

                  SHA256

                  d9704dab05e988be3e5e7b7c020bb9814906d11bb9c31ad80d4ed1316f6bc94e

                  SHA512

                  a6306bd200a26ea78192ae5b00cc49cfab3fba025fe7233709a4e62db0f9ed60030dce22b34afe57aad86a098c9a8c44e080cedc43227cb87ef4690baec35b47

                  Download Submit

                • F:\$RECYCLE.BIN\S-1-5-21-2288054676-1871194608-3559553667-1000\_desktop.ini
                  Filesize

                  9B

                  MD5

                  5e45e0c42537212b4bfef35112ec91ba

                  SHA1

                  10c59c091fd35facc82bbc96938f118ce5a60546

                  SHA256

                  9f6b7a83161db36757e96dc40936aec1e5a9a41f9fca089f9cf5a4d695dd5ed5

                  SHA512

                  ee964e08687daa53fdc8e063402791acb104bd59f5d0f8a6d11d3e889db476315641c38032ade4177cd794b060f9fc4e6fd161989e452aae828c875c747e4bfb

                  Download Submit

                • memory/1948-0-0x0000000000400000-0x000000000043E000-memory.dmp

                  Filesize

                  248KB

                  Download

                • memory/1948-9-0x0000000000400000-0x000000000043E000-memory.dmp

                  Filesize

                  248KB

                  Download

                • memory/2008-19-0x0000000000400000-0x000000000043E000-memory.dmp

                  Filesize

                  248KB

                  Download

                • memory/2008-12-0x0000000000400000-0x000000000043E000-memory.dmp

                  Filesize

                  248KB

                  Download

                • memory/2008-2489-0x0000000000400000-0x000000000043E000-memory.dmp

                  Filesize

                  248KB

                  Download

                • memory/2008-8668-0x0000000000400000-0x000000000043E000-memory.dmp

                  Filesize

                  248KB

                  Download