Overview

overview

8

Static

static

7

11d147ae2f...89.exe

windows7-x64

8

11d147ae2f...89.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    121s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    05-05-2024 10:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    11d147ae2f1899dbc8e0fc9f951dc8503d5ed16d7298e29b80ec9d004c448689.exe

  • Size

    1.3MB

  • MD5

    1dd57a608c0ef241529ac83d4b2cee06

  • SHA1

    6b3e7a095eee51110d071e7d49e0a081d565f9dc

  • SHA256

    11d147ae2f1899dbc8e0fc9f951dc8503d5ed16d7298e29b80ec9d004c448689

  • SHA512

    535de336d7c959a6e920bd23cf4a1497fcaef59e2a41d6fcf00f4b024a0406a494641c5d3e15c143088962d49bef298c8c58e7b14748bccdad006688d84244df

  • SSDEEP

    24576:Qak/7Nk4RZQKZu0zoFmDcpii9iGn+66rLfJIgtEqPILWz8oDqE:Qak/3Zu+k0WdEacJRIo+E

Score
8/10
discoveryspywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\11d147ae2f1899dbc8e0fc9f951dc8503d5ed16d7298e29b80ec9d004c448689.exe
    "C:\Users\Admin\AppData\Local\Temp\11d147ae2f1899dbc8e0fc9f951dc8503d5ed16d7298e29b80ec9d004c448689.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\Users\Admin\AppData\Local\Temp\11d147ae2f1899dbc8e0fc9f951dc8503d5ed16d7298e29b80ec9d004c448689.exe
      "C:\Users\Admin\AppData\Local\Temp\11d147ae2f1899dbc8e0fc9f951dc8503d5ed16d7298e29b80ec9d004c448689.exe" Master
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2880
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2488
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2488 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2452

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    04e30e6e28741e32a594a310b7c3cbe2

    SHA1

    9da49f129227e27d12b9b1fc8eb2ef039851e847

    SHA256

    52923fd397af6712431768fcdc53652eabfa5f869041c91f365a3e6086303bf6

    SHA512

    e906ff86980482ee3bf14ff00549cce8513c9bd0d1b3d4c92596e449aee5afdcf9745da65450da749ab1e8625ca4221d73aeafebe16b0215f3fc3806fa88d94f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    96a82ad1d62ad15bc595428a5081f83a

    SHA1

    2c9cf6667517c6f237f7d2251fdaa0600b309008

    SHA256

    f618b7dfab930246e70478480afbc165701b7eb7ac33fff74d366fd045cbc666

    SHA512

    832f38e079ac2e2c7ff1e05ae1cb7b57548eeaf8224824e963db2c4a96acf8ea6821ad04efa41c6b8e561fa33486af740283f90a7a0790cd639d4e33c00cdb04

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a6c4b7726315708833e5ff0773803848

    SHA1

    cfea851fd1086488cd01a0c746270dacf20977e1

    SHA256

    2a0b4c0d2b114ed76e171b06995e3764030bd2507a7ca0f3f720647d7eb3925b

    SHA512

    9f7f74f721083a61c59ed6fa259c9d5f5c23edaca87ec4d171e5c12bde3d198ac34bb1de8891f484254ddb141967b55459b239668f21bf972d9ef3c3bb17aa66

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    886e535ab3bf7563dc5d38a36cd4d752

    SHA1

    bdecfff6e9335e1b02a11bb3612ec8f7390d38b7

    SHA256

    cbc7e10de71f05632ab5ea67f9d904df9c1b19c6057b55b60b0da848ea572512

    SHA512

    c88b993ddbe83aad8025ed6b5d163c303dca7c0bec55fb40cf970e3e750512461de110d7287fdf796e0986e67dc386b74dc014b7fe30a07c0b63b49e166d2a3e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    91c5ffc28967fbec4188d50b1561bc43

    SHA1

    31633d23e224d834488a6c7364fb9cfdd5bc8879

    SHA256

    07f3bdb561924c8bba94739f9a0970f3363335a09d9e76dcb189c8bc9881181f

    SHA512

    1af9e9db8a7b407109ee61f13596c8555260546ad7b8844371f45feec6588db98b0bd3951dc3ff125d86327ca462618b148707e22debeb17d210caf95a18a840

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f5468c0cebe43c1a5c0e15ec92f3b5fa

    SHA1

    81c84a8422c2669f53df566139e23c11afe1c37f

    SHA256

    a6bf7133e7c94f573d20294a1dc0fe7728edddb46cdc3a637dcec546a7e1d855

    SHA512

    46e1919c092a76d9d196331d4f3ac0b6a3373344b778cb18d3214e5f23a63f7d0089e21beca75790c67ada11536e6af104dfb17d787db56a3b961323099087b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ef6fa8c7be6e1b9446a9b644cfab848f

    SHA1

    992ca9d7d34cdc081f167c864c58cc28786767b7

    SHA256

    9c10034c7f8f99c0cfe42c749fd5170dd6956c0a8d7a817d64bf4ece85f5a264

    SHA512

    3145a7a73d51614b75b0c4dfa81015f79cb9e9aeeeb5e1c5168d301638fd0dd94ca1a73a50dc82871f060858494ef74a3f847636745e8c02437cc923a340245c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d8b9e685756fcf152b1f9500bed32ca3

    SHA1

    264cc0388c7bf7c2590828b21c22ee5722f40ef4

    SHA256

    3a423a586d39b5253b2371e3e9717cbf457e1084f1ceec9f8c0ccc72b674e23e

    SHA512

    8f4d652d50f92a983fb8b2458b448ca4de798d717233b77fdebeeb95cccdeedd22283346c19b57b95a49e0ea6f25fd49560bca45342424f9e09ac3ab83c15703

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e66056132c10879577273cd7b2ee4074

    SHA1

    1a687968303cc87d12e421928b2ec327fb3d47d2

    SHA256

    3bdddf1677982c4486a3c97a20e3119e4da674e1e867d36bff263ceff35ff303

    SHA512

    5a50e985b0444b7f5e7d88eabdf4005b73584cde8b29db2459eb69d84701e6c1082b33a0567c144929368846c9bdc41658b4ed4893da2febbac672b60c379719

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8d74ea0709067f563001965693199150

    SHA1

    36ad0dffa14f65fc710c278919a0fcb701469c21

    SHA256

    cec3bf4b67bd78be7b7c130b40a207c323867da47a25e5fc201675c1dd4fbd0c

    SHA512

    d82681cc47c258803e33a499d7d8111c5f14690ab67c804bcb7852e9bf67c2634bb0c91b51fb928648b230f4a55c8cccee57e6e1609fa31dafde3fa8d3cca062

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f6bf1092a04f421aac366bc245f934a9

    SHA1

    1af0830f04e1d5760f304a34b818b32b17c14c33

    SHA256

    d71a718f3abcf5edd695f17799973358f1821f69afd8e843262c406be6b53b83

    SHA512

    a31c892709eec0c19ae4f0867fdb3fd6846e073aec5b56e61abe6476864354af324f386565c2676a6cce7ffa39af881148ccb05c213a0f629e6098e0b46b78b2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    d33f91b6927c839188da87869d723022

    SHA1

    b3656f617ecab8655e9acc512a44c159a0252b4e

    SHA256

    c19bae87c0185335090ee68b7e267ae44a3d23724df4a12fd3a6b54819323ce7

    SHA512

    5eecaedc9e5272a2a94a98a669d32ab95abc053f93c155b7a0f45519d414bcedd821bcff48700a1dfcca364bc7b8cdcfcd27c8fc2ad45e5a333b3d54e5ddd343

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF80B.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • memory/2180-12-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2180-4-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2180-3-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2180-7-0x0000000003700000-0x00000000039A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2180-1-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2180-2-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2180-0-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2180-5-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2880-8-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2880-10-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2880-9-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2880-6-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2880-13-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2880-16-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2880-19-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download