Overview

overview

8

Static

static

7

9c5f3fe609...3d.exe

windows7-x64

8

9c5f3fe609...3d.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    119s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    30/04/2024, 07:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9c5f3fe609c38881ff069d949a0087e334daf82e18fe23035efad11b6479753d.exe

  • Size

    1.3MB

  • MD5

    e19661fd31764db3a36dbe6706b36716

  • SHA1

    54b5c475137cec9ed08c03fa013da0fe9c1868b9

  • SHA256

    9c5f3fe609c38881ff069d949a0087e334daf82e18fe23035efad11b6479753d

  • SHA512

    918772b513ffa5a148162efe4fa93b3d5ae5328d1847d62a74c1ab375681dde22d93595bc7ae0f6f5a3222849144a17d2288e67b8f64827237c2bf6f5c59265a

  • SSDEEP

    24576:Qak/7Nk4RZgLNKZu0zoFmDcpii9iGn+66rLfJIgtEqPILWz8oDqE:Qak/uoZu+k0WdEacJRIo+E

Score
8/10
discoveryspywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9c5f3fe609c38881ff069d949a0087e334daf82e18fe23035efad11b6479753d.exe
    "C:\Users\Admin\AppData\Local\Temp\9c5f3fe609c38881ff069d949a0087e334daf82e18fe23035efad11b6479753d.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2192
    • C:\Users\Admin\AppData\Local\Temp\9c5f3fe609c38881ff069d949a0087e334daf82e18fe23035efad11b6479753d.exe
      "C:\Users\Admin\AppData\Local\Temp\9c5f3fe609c38881ff069d949a0087e334daf82e18fe23035efad11b6479753d.exe" Master
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1688
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2732
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2732 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2380

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f704c8cf880662c2b32bd4430c2cfbab

    SHA1

    d3c472129197e2d83ed03ecb8fc27bc40bf491c7

    SHA256

    4358555145daf213ceafd7d0959c8f3f5692fc637be5a44c491f0f19e271e612

    SHA512

    a9fe81d49f2e5e2f0601dadf0c8e31b9fd411341e8fa6ffbff3090c7912d8d2ceff542a32fd01e753c79ce4171352e0bb99fc35025a6daaedf970d1e3b253d4e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    976d5ca2db79cd184e2e89a1e6cb3011

    SHA1

    c5a80ceb5e1b2ce641e42d6e8bd3268a43a54fc3

    SHA256

    1786cc3fd6e8b2ff851f0a7d11007749595e4215d6d7d6e750bc296d16214049

    SHA512

    dba0767c525616e4fae176fc6039a0273b2eb5ee7570231bcdc0fdf369462081b32790b9c80f3e81adc4176c164028bc845f0f72373708c71f35ffb822dc18cd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    55033e1a9808f4cd70aef285dd9190ec

    SHA1

    8ca25ce285c883a995ee3c4a2f00b1d18e711606

    SHA256

    3de307ffa748916a2ab823c9bdca7af27bc12eb352c1043464c39058a628c279

    SHA512

    b8af0422232b2fe03b2218857ffb01048dfcefb3a4b7169de89ed83c94b308ada7149f109266eae8cdf5322659ed02cdfee08ef29b980e2caf08e9b1f9e93e88

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b84be3cc8690f08d74e8b24f306bdcd8

    SHA1

    8491a3550b5f5e09f6f8e411fa0e84f2041f4e08

    SHA256

    3d2c9f9fcd938c88f9983e29b60ce71740b2516f3f9c237ab67726aee9280cf5

    SHA512

    f6b9e92f8665fac998632df3a89f10e7b9c039d8c3911ff4fc89b88b6c7b8ee47fbec4278d705fa257a1b297a1c529e658e6893fff6bcaa35b3e42c65b0a9427

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3b9a8076eef4c1eab2e96d38fb7439ba

    SHA1

    c0530f94683ea146489396de568b4b43d095a30d

    SHA256

    83e685f3e5e35c981f07fdb94fb6c1316739f9ac8192fbda5721ef716e607f23

    SHA512

    be209dde6d3da589be859314803c322c5810a8add3ed44c27f2c4dfca8b61fa4a69ef14ad7a29df7ed7540fe2464e98080237609d2b3b7228bc0bf34197efffd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a17dbbcf0f78fffcf2267508cc90bba1

    SHA1

    d1b60e429baeaa948f1cf06d82ae70a563ba9306

    SHA256

    ad06b0b545c82de903d8496a7ade33f9a15da29338d371c2ecffe52f03edc1a6

    SHA512

    4024baad433136b2b68f812cef3983c42d60a08b69f987ba172c6b6232a9621eaf7a3159f1e8fd4db4f16303e99951c696a1fc08d3c5da4f9582bf6c121764bb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ba533f2a6ea5b1775de999ff615e532b

    SHA1

    0a1e709aad3b908d4008c42aa6d21d1b0778dfcf

    SHA256

    bafd03bd756b572f187a6a484736bc926b0c106f0af76bb4718e17861d77a16d

    SHA512

    9faad7bb8b61f6ba5f4097e69cbac0baa5dd8a4d64a048a6501715b85b6caa3a4e9aed49306ac3f1e71d1b2de27f5f3c2fac971d2bfb1af14563ae91443a286e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a32255805962be9a5951e5f86684fea4

    SHA1

    1da805209db86c3b5168d6c778473aa0a6407cc4

    SHA256

    685efb855773c87e6e848fbd640acab32ab722ce3af88da1c6677326fa895051

    SHA512

    8f0f29fc3d96cdd9720bfcbb84bc570b390023cc4d6310051a18a030054a5c3322abce2f88b18c49622f7cce33ead9f8e712f6cba91b3045853d797377422824

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eda9af65abbec55e10c2f287736e351c

    SHA1

    803b17955c66b1f5ad850d61da6a88dfe4d5bef9

    SHA256

    7de97dddbdf41c05440040aa19eced79730dfde57bcc82f74f0023c0b6f817f9

    SHA512

    d4018c5b3b2a6f7f4b78267db982b55c25a7422851e23f1daa471e9df68b475bdb9c88dcae5bce100d9a1a3d08d2e2ea4c9a5d8e5594ad7487491e74f9fce4f1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    21fb7d4b9c6977327cc0f7f243f6e311

    SHA1

    03c0049a5d93e1cd64ac0b1bc1b02fea13532ba5

    SHA256

    ee5937bb92db92f3fb5e84c977b8bebdd48f82cc771fd8de21bbd849c8e4810c

    SHA512

    1c0726b2a8be578dfc558b5c70d1330dde0a31fcf94ab58b21020b42ec1bd1481f2e3670be8c9ce91207e628545e4ecd8dc83f1da0c59c72af9e58d0bc44adf4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8ce0da851257a06e3969c796a5eb6863

    SHA1

    fbece4a570344767e1aa022ed5bc28d0eb66738a

    SHA256

    0244d2046b4b5ced56f27c2378a44b74c301b1bff3ccdb1ca08c2660a0f0db12

    SHA512

    4de533744390f37bcfeae8fa035a9d6b05045de9da3ba8bf5481f6cbef53eea0ca55113ab5efd1481daaa4acb3a8acb8dc75e8e9669a8ce479427e728a29de2f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    df24ed65762faa3c0091e452a9e3d3a1

    SHA1

    096240f78150c91dee700b0495c44e8ebc7869fd

    SHA256

    be812b4b6786d592a5a3b9b4ec6fb08eb0056a108d7b4e9aa84695f9f8a8d4af

    SHA512

    9a1d5b841683962248b9ae43c0a1c23f7174e317884b04996c35cb9bdb61959d5d03fe4b794f58d0d873e11ee0a8e6213c97adef4216c49797979920eb0a99df

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    928cacacdab23cf41ec14b661ca0485c

    SHA1

    227c792ef9f249f76ec86524ec5f755ae40290d6

    SHA256

    e70ec8c6740dc57c51adcd0931e1b564258fc3edf18c127557847e43c78b83e3

    SHA512

    608bc863f5245e8ee3763ceddffe316f1db833ddba68b10a35a588d1066dec5c892ccd9df22cbea71980aeec407b90c093bc720b620c0a5e005a260b32795327

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    316c31170f582512f494e0e7cc78d7c9

    SHA1

    4b5c425ea7982b0d01dc0577de9bc4ea3f17c095

    SHA256

    288ba72e9a5a1c7a0be657538d24d124cf89c9e1c6a9b2c1e1777b6c1a82e3bb

    SHA512

    d93193a8deedf44ba65f045ee4f319b36d04263ea00341f0821ecd14fd1a598dac710b294a5e743c513ce738932026a10bacfbd027acf43a566ceaa85ba3d530

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    210c6bb012c9233ad5fef9bc2af4597c

    SHA1

    1e33362752b5245658c91c7cef588596045e139e

    SHA256

    6d0629579ebad962746ad90b3869b4d956ad106641264992ce92ac2ad409895f

    SHA512

    96fbd4a79b14b0d94275861a93bf532d30c8ff96709b55079a45a57abef830b246952309faeccc7838bfafe0129eecec87e7618605b590d97e4e115655d1f3f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    248c0a3f88d6b1face58c7171a065a72

    SHA1

    58333bdd88fcd6641fbf964d83bce693b668c4d1

    SHA256

    d3a6f818d64a22398ca9f7b1539c1abd0c0f1420e34c61bed39f952ba6342be8

    SHA512

    72dd14cddfde18aa189d71198150e856fdf06bd3ad3e18b52dcf4bdb51fba5b44b628254915e33fc3f2ece7a6d89522e2727a031be359aba7cc61a9c998b2160

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    586431b3071249c82e1ef87c62945005

    SHA1

    b8efb53712ed0cd4c14e06cb5e950ff0c3da345d

    SHA256

    c416cfd7d7d9f531348c366787a1a7ef1fbce014083bf62a7772c8c7d8c81c8b

    SHA512

    5b2a5a6cbc832cb0762e52b1945d5b76f312f977a0ef5bdbf5f7af3dc8e2b3aadef3bd03efbf47fefcf5c9901c47f32abaa8307d01d5fbb0580df8c8495581cd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eb0fd12d53e800ec8847102779c6aea1

    SHA1

    b22c68a2f43412cecffe5385c3b1177ce39bbc86

    SHA256

    9a5e2148919f968e1e8320687b482b2855583fab33ec09a6b1c9cf94bb7602b8

    SHA512

    9860dce9b038880e357923cd8a2570bd69f61339a7fda5cc6974ab175f6a44aad5d5e5c7037eab1a8e1d096715a82180b210d4662db9135af21927d76e706b41

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c23f870543b2801858b1972da6b089cf

    SHA1

    88ccb45e278f4f3d9a34501654725eae8df90574

    SHA256

    c741009eb9fe5e72a41637de903646678f197b325fc3fde295981b1b7f66d2c3

    SHA512

    bb9282d1f8475473ff4f5df910107581182317917a1990887f6ea6644f79de73c4de99d15050494015bde3f34e9889016d4049d9624a65249b6e5c368c851515

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab34E.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar410.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • memory/1688-13-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/1688-17-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/1688-14-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1688-21-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2192-12-0x0000000003820000-0x0000000003AC6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2192-0-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2192-1-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2192-4-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2192-5-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2192-3-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2192-2-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2192-7-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download