Analysis
-
max time kernel
119s -
max time network
141s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
28-04-2024 06:15
General
-
Target
ce64dedd3d4bf8a1286f125da866d618f0c8c8702e8f66ab96177706d5f104ad.exe
-
Size
2.6MB
-
MD5
c604cf5b3136922112183aadb475245b
-
SHA1
5250296de54571be265c3f575d7ac9af928e8195
-
SHA256
ce64dedd3d4bf8a1286f125da866d618f0c8c8702e8f66ab96177706d5f104ad
-
SHA512
9f3f2adc28e2a16de2d31a8d166d8bc4c61b2faeaef29a32a1c498a939fa066791700844e3411e1d897de5ff5f8ae96e5332be0a905408e323b095ea90286fdb
-
SSDEEP
24576:9A8vyrepIND/0bfSPdaYsi5YYR+h+8fEvdDrGnrdEROGHOhXBo7FC/hRJHOh:9A81IJPLmEvdDqnroHO9HO
Malware Config
Signatures
-
Drops file in Drivers directory 1 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ce64dedd3d4bf8a1286f125da866d618f0c8c8702e8f66ab96177706d5f104ad.exe"C:\Users\Admin\AppData\Local\Temp\ce64dedd3d4bf8a1286f125da866d618f0c8c8702e8f66ab96177706d5f104ad.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\ce64dedd3d4bf8a1286f125da866d618f0c8c8702e8f66ab96177706d5f104ad.exe"C:\Users\Admin\AppData\Local\Temp\ce64dedd3d4bf8a1286f125da866d618f0c8c8702e8f66ab96177706d5f104ad.exe" Master2⤵
- Drops file in Drivers directory
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2072 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5bce7d1fe03e2f6e939e5717d46db341b
SHA13909e24bc9bfa1cba3746c6e7caf5eb86bbd835e
SHA2566c5b349e62f30906b1973229256f856a78579390e26846f0c8a9f53e1367ee20
SHA51217d72baad93669b873a6001126b8a7396cfc7e608b4cc3da2c04d8318ecc5ef92679a70c6ff9841de3b7e837e4c43b456afcec4d213c3dd189ec7435f33990c8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD580d1ec5423eed874782cbb1ac360f4d5
SHA1ce29799d2a9141d1e1bb55ec915b8536d4472531
SHA2561d7a1c0270de62474cdad3f6af8207644663093da20d7c72de00a61f98b63c9f
SHA5123ab15aea62356c7c34b9258977b50edb2849cbd6d64cdbd84cfdfd1ad5b65b4891cfb9b02592729d382bf6e45106b896d3f8a05aaa5bde32a869069ebb6a8fb7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD55917442e85c403dfe71aa5c5ff67cbbe
SHA140450f2685606551e4fb8bff7c4b23fd0c135e9d
SHA2566b4958ac12f6b03379260391f8707981e4d6d29dd910ad357ea682c2ee410558
SHA512f43f9ed0a75389bb71de865b654b17c945c8c14e7929a34b674bc1f8494ed270d57088def4e01c76f874f542bc490ccbe6cb6f116e7df2a385a290f449e8bd87
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD54f1c6c3d29c016ba3916b2631105e464
SHA1f3b78671300ea5be126b958269b3529849895872
SHA2565345316be5dae4d173428e37ca7b8d2b568ac716c055e5c208d846baee72d010
SHA512d3f2042ae313d1d6d280e6905f2a2ceaeb92a09e4d54658b9cf6d130ac73726c9b840034673f34ad502bebdd83b9afd654fdcfd72bfda7a1d039d1190c96ecfc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5a04d2fbb9877b93f098fe79b7b5450dc
SHA1d66bdad3dacff253d382f07dd4d1ee943d5e2ffa
SHA2569ef682b706e8726779a375b0bdde32d34b211907e0e11b2897a3b120c1a1d612
SHA51218cc2d4f4facb61fa77ebafe837d9ce0fa9bbe75b2c3dcb5f53d38033a082991dc94aac20c74e267bdfcc57ea4ff652817ee2c6db23040e38dcf00a6f9dab4af
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5e86b32c22918bd5719e07b5d6ebb8dbd
SHA11d0494b41cd92b0d0693fb0f4237fc3588e731db
SHA256117e2667c7fca8434de452e8c24e5cd77995ba362a1a8b0fc94d87e6bfa53eb7
SHA51238285f957b004a91e92fe0eee7d5977ec18dfb9c01f183dfbeb11e307ac396ef61363fa497ed0faa2cd366e63c403ad1aa200b2384703b7cadfc59b05119452e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5e032cf514b701943ec66ff7edf0f9bb6
SHA1b450e0ed63a4a96b576502e6167f9b4676a7860d
SHA2560a6acf6b8b2c028dd69eb0424da6b8ac80bf4e02794a5937515327f9df8d8595
SHA5120c1031f07cb7f12b6b29203e9a514fcb7c4412bff5534e6ffb6b74b9202afd38b39415c68444af790718e4968008aec7a51397c97c923e94a4edfa266eb15cb2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5fa34ddd9f9066223475b24d6ebf6ce3c
SHA1e805580a2a3da612ed10c9531488f5f8135f4251
SHA25672aafdda736056094627f77f8aed331cee9995b9cf360e785f7d7f728fbb3351
SHA512d07fcdac1d65c4b4378e6ff86ad8faefc976b69f044b627dd3c2d85e45fec7834505c66fa24fe39c7088278ed4268bbd5e1f070d4e4ba1990c299ef38c83de3b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD59695cc8da9635c1113f9d0f413343640
SHA115db7042205bc17ff4c4e3f89383a98de7dc3506
SHA2564696d9e7efcd14fe359d8188de26548b47c80ebee36a4279c2b01a6cf04c382a
SHA5126ec34eb11999c1c9a0a97f46da0c9346350d7db1fceb315b07933e2f09279d510516811d4fd57c520dcdb38fcaf6d84cbbb9b80aceae9f6a59700ebfe0696409
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD501dc5c7eeead23a1d8f200302c11869d
SHA1faf2727615f53156e92f43e72dbd5ce09ed71f15
SHA256723b8c73896a9b7e312386e25f2d5118184881069c9c020c7f62b7a00dcb1e0b
SHA512d55797ee4dba09a5442c29882aacb1fd7e7b435f10e4680c6fa6ec40d1c3051bccee05c843072ca119da8555003367b21274a581c473c4a5eadc42d951330055
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5ac5f7b4780962c98a2add74a8f8a9114
SHA194dc1dbf9800abbc8147797064718fcabb96f8f3
SHA2563829b2d6b298b1721f6439ac8f69d178e3373561e50183fec5f3ee22e511f1e2
SHA512d30f6d5c44b1c0d0647c749c992381ede98f9c563cfc6cdc1f9aca2355fff73a627949fc4ed3a830ef55743fc8631bc0a3db48e4540bd709851cc84b7e36bfaf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5975a37cc99bc4445404950fa510699be
SHA18c6de64bee095af054387106ccb2c13fd7c66eeb
SHA256960de07e4c4166510249870d82d14f60b3a9b055cc57ddc390b26fd6ebf1498c
SHA51235279eff2c13272bc4060092bc4ecbc4f1584ee72cbf4f0aa954e8de70c17fa7918b4ae0ee640345808ec82e94d82716b2195cbc0e57745e4db2537aefdde61e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD57ec57d0851fc5bcb2294fd80d5858022
SHA1789cd4b76a77fd07e9e16a333607cfa99cc1921d
SHA256d8180ab162043725816af365ec1f1fd0b2f3bda5ce8fb5a0829586a7319d8fb7
SHA51292463102b534b86470c622d493d331ad58618f1e9ba0fce8c1502363abf8775746cad9951f418e7087b09bad2bb674296498e8fc50f841ad3a09ff8fd7b09de0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5dc079a759dd44c6ad31b2b2ead732d77
SHA177c3f3a390020a7d5066fa2c8c6de2fcf198a232
SHA25605ae55bd9bf37e6e110cb39d7afa7e8e2cf50c23a87ff06c65856a1c5e9e04a9
SHA51261458993fb38b7523c83f9146764e25f6d8132fd28dcdc49aab5032b5247763bf79e363fa1319bade6b5f9d3dde1f171f6d2660bad65cafd03a9cd6d288a94db
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD53b9cf8a91348110e23af78e535bd97af
SHA18fe724a3583e061271fdb6ab0c48124114d28249
SHA256dd9b54011390d8a26dc5cf517337464528812437a0bf4bb0d48c87bd75448c1c
SHA51285d5f764b46437399ed382bc19336c92c00e548fab604218def916d61e383e499c301b0d35ca2c4fc08e86ae79a161fe37531f88ce5adbd502a792a09b280f47
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD593aff6de8d8bb099c21b7914c75e0e97
SHA1141b2686b535ca3b7c096b49c72416160ff778c9
SHA2562851c4fc05afa94b22b4b93404707a9474fc59932358180c0491456e6a945f40
SHA512f4f16c16ea2032da3f3e976c3f1d44ab58b3f8dc7153690e5f148e036b34bfd281d015e5eb5dcd846c88ab55f034d02695adc9a7e64061a1259f75555fd43699
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD51dcdcf5814cfc4e3d864c5ba89c6f10e
SHA1226cdb7383cd732198681a5d0f6756888a312f14
SHA25665dad111936cb212ebbaac7c7108224634322eb0dda6c309099a65bdcda900bf
SHA512bce8895d06492f22753cb05c1cc3fc9a5ce41794fc412f7962df54d60d7c5ae118b93fe733f31eefb6399151af29898dbcf513c09fe8304855b189dd609a5c01
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5b6692b77c276ceaf474dbe931f74bcd2
SHA10851c87017ab52bd1a3c96349e8f76aa6d117f52
SHA2564446afafc1927b2f72b9158f5ef65bd07f0cc1bdd2399e4669dc03c7bd52cce5
SHA51286540fb1e3b6245256b27007ff9b1b346f388e093d28f03676ba495b29c507bba145fd50a020a7c487aaf5c3d44718c49eaa667d896f38bbdef23ef598e6ada8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5539211f21c08a4ebf0c52bed12f7f2cb
SHA1be9ab6be182f758d4dbac92fa00005281717de5d
SHA256a6895731fcffc69d88e9324362be3a21387363feab48e24c3baa7f37658cfe9a
SHA512376a3678fe0e4a10774278545215dc7ff718e8353b3df5e8667c986d803096da9c361a389ae42e426981094c7d2361248a5eb1272bd2acb5ee7147c30c6202fe
-
C:\Users\Admin\AppData\Local\Temp\CabC42.tmpFilesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
C:\Users\Admin\AppData\Local\Temp\TarD06.tmpFilesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
memory/1844-0-0x0000000000220000-0x0000000000221000-memory.dmpFilesize
4KB
-
memory/1844-1-0x0000000000400000-0x000000000069F000-memory.dmpFilesize
2.6MB
-
memory/1852-5-0x0000000000400000-0x000000000069F000-memory.dmpFilesize
2.6MB
-
memory/1852-8-0x0000000000400000-0x000000000069F000-memory.dmpFilesize
2.6MB
-
memory/1852-2-0x00000000001B0000-0x00000000001B1000-memory.dmpFilesize
4KB