Overview

overview

8

Static

static

7

7584a6f512...b4.exe

windows7-x64

8

7584a6f512...b4.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    118s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    13/05/2024, 10:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7584a6f5123fccb6ed9aaebc8d8dae61e095eb14cbb3032cc1be24bae7aa77b4.exe

  • Size

    1.3MB

  • MD5

    dab80084544a9fa4b7fb6dee9327d264

  • SHA1

    80c43465df16c67a4cdee909ad0a91c9984d47f2

  • SHA256

    7584a6f5123fccb6ed9aaebc8d8dae61e095eb14cbb3032cc1be24bae7aa77b4

  • SHA512

    d0054a489219f64ae1c51d7952c7a4fb8e14e1cc7e91c8d50f3179f6084caf831e1e65ea6f8bbf0b4b0eef942c3f382f2ba32138422892ce58ff6d53700c3ec8

  • SSDEEP

    24576:Qak/7Nk4RZnKZu0zoFmDcpii9iGn+66rLfJIgtEqPILWz8oDqE:Qak/4Zu+k0WdEacJRIo+E

Score
8/10
discoveryspywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7584a6f5123fccb6ed9aaebc8d8dae61e095eb14cbb3032cc1be24bae7aa77b4.exe
    "C:\Users\Admin\AppData\Local\Temp\7584a6f5123fccb6ed9aaebc8d8dae61e095eb14cbb3032cc1be24bae7aa77b4.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2100
    • C:\Users\Admin\AppData\Local\Temp\7584a6f5123fccb6ed9aaebc8d8dae61e095eb14cbb3032cc1be24bae7aa77b4.exe
      "C:\Users\Admin\AppData\Local\Temp\7584a6f5123fccb6ed9aaebc8d8dae61e095eb14cbb3032cc1be24bae7aa77b4.exe" Master
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2960
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2656
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2656 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2456

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e8812dfb164b918eda9cf7e4d3e98585

    SHA1

    a033b00410697b4eeb9f824b77c31e38217a354d

    SHA256

    12044c44da1d9b93b6ec6b89dbad05a675c63653dae5908f77590b71ba8783ca

    SHA512

    b47184317d834aeecb6e31803375896170197300c7b1f7644d5ff2a0cbcf8c599875ebb77eb8e643050cde98ed8e34202a4905a5d57ab05a811cc9e3efd6f3a9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dbe455f838c7f52272f9cccdb42fac20

    SHA1

    0abf27f649f67358303132ed6d721a3364044ea6

    SHA256

    bd80ec3075160cc12d5721a617c115cac99beb68725ff6ba6680e144e13cdb18

    SHA512

    2dfc9df9709d139601c052c6a42fb289fabe1e367ccc1fd4f67bd8d6b86eee80eb8042c6df505de36df007bba57ee9ac36cf3b3e4f1984359296ee59a2df2db8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    91b42da60e6fbaf9f5c4fabe4535e874

    SHA1

    45a33c46bfcb00134f434658c67a3d01ff0e1b3f

    SHA256

    f52991ca3e206169834b540a00b60560e9000c4a3e8b15a4b85ae522cd95feee

    SHA512

    12d59dbbba966882976de13647406fe7d10cbe4a7f17034767532588329c75dda712a2659c07018baa91b83d474fd47cb4a67d4291749a723e326192d16cc725

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b0498b4106990bd29a068930bd16ac70

    SHA1

    3ec97cea88b296d022141d37ee5e86c82b934ff6

    SHA256

    36875f2ce5fa614fc6acf1d1db80a53c36f10a4e4096dc9c1da3f0bafb9f9d62

    SHA512

    14192c72c88f08c063eafdc3a7da11dca73b6338aae04f6bdfef23ffa94ff2ad224e3b79e2a5625f4972da877f09a5a1ad1269077bc0c159659d96d61e6b609a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    abbe456d3fcdf0a44c9e4269b51c50ab

    SHA1

    7465c94c32a03c81832c4704e866f1fcb8678ef6

    SHA256

    d372e8d1e9fc980063ea6733f60f193dfdd051f335c473cbaf67490b3cf5ce38

    SHA512

    eb83add4619f85d5c748531f418e77435142c8929862edf52ed87a87ac646c1d66c92f1c89381674d77489550034ab8594eed0164c08b6779d21f5f6813e3148

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9f68c080be68ff0956815a69d5fecacd

    SHA1

    103e637454f54e59776689787a42a12578354eb4

    SHA256

    25683e34ce2841c85291ed32c9b5e89647e7759f5e9ad73f1ced6522449d8b72

    SHA512

    3b35b1eae138a689fcb47086841e295056039c5ad93e14cde1f5bfa1feef1f1863ab756ccfa27df37cfd2c3875c47b1f2a74587e6a20786450e75fd2dccff070

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cf7c3eb8f4cd02661078e8523264b1f8

    SHA1

    c3af07d61afdf427d32aafd394ad378eabb7fa48

    SHA256

    dba9c5f4749e8a1578d2d7d46a5a70fa6b728ae64c8e31190093b306fc59455f

    SHA512

    053c89f84d6df70c05e97c3ed1cab5c45dbd14318c8a7c7b796d554b77c9bc5bf299f81f8255d892e1dea937e76234ff575ee9a4711f6701f67399a7f2876d02

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8ef2ff50d42c63769f011a131f0f3fd2

    SHA1

    2f739bd0c32be9623027990ae9bcca5394bccda7

    SHA256

    1531d4d95c5343bcb0597dfffb0acbb9f3cdfac702686d3be6ddbc618d5d9f40

    SHA512

    6f09a7c25de9e1f0a2ba7fe8acac949479fa0e577c4e59f4514937135ba6de3253ca896e1dde664681829e71ed3652f5643684787d0f6dfbf1bda3b502d373b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9d4b2044234750c2ad89e27bb5fac8fc

    SHA1

    4f00b7b300167f6ac95fa850efb21b07534cdcac

    SHA256

    c409e365365dc3a2e09947b4826434cef04de1e936c657041ac57e96042c42f2

    SHA512

    839dac9e7d8e5f233f9fffac17570f2906d8b7eb8a4b1af4460e739c3a266b2e24b7838d7ed643bfd997940690eb1b6736863c57be5966cc4cbc1ef4aaac85d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8fe099676ec2e415bab3227838c43996

    SHA1

    1d14f834228de6c32cb0f3a189dc85e05289d6d9

    SHA256

    2d890f38507571ef6e817340f66c9dc3eee89904dfc798298922ace8b5af34df

    SHA512

    fcf43afe9a92c88d64925224eef22abe8dddea64ebeaf39316c77edc6eee18384460485891e8423f6db8d3387024344bc048c40739ef03b3a7fd8f1db7a4bc52

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5a5b044277ebf3efaa2db570af2abbab

    SHA1

    56ca8c4bcfa49a532d14d8e5160f1032bf437b55

    SHA256

    2b5d6790039e0e197dc081528abc2f06d3293636b602125b47f58e3c34cab32d

    SHA512

    f944e9f3e239c93efb057721cb4e03c8fd35f3b36734ea799217b2ac0bb57e4b769d0cafee5bdf823dff7fb6c3245145809498694149e0cadb561eee03ff4532

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6d189ccb0201552d6807ec3c5799a788

    SHA1

    0ad3a2bbae298e9d34941aa5b0a7d9018bffa806

    SHA256

    46015b06368ac10bcf6e09a7b790ba28a7e7034dbead226a40868d8377d8f8b7

    SHA512

    4ea8425591c4557ffa7113a2730b6bb63b5e96e0d281671da6e6d72085cfa6e2afc044788514100bee707bc07bc3007fa6c1e95544588dbc8bfc411bea6f94ee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ece1aca14ea2cb35a5d16a567df31a3a

    SHA1

    b96f8082f8eefb6ffbfbf460c068f71abf446cdf

    SHA256

    324d6e601428508f268c6e4ba370952d0450d24e0f1cd28e197f7fcab1a51879

    SHA512

    959f73b77b92d9223867fb0a2ecc8fa5eb3ce616686e092e53e92335cde6dfe085ec252aed9ba8de4a9d04983fa98cbc1ecba485821dfdddb7619506b048084c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    907a5e4a3b7af8bd8b62663b8a6221ca

    SHA1

    46763359591ba8fccb316f9c7c2a08f7ef65b146

    SHA256

    3ffcfc4ffd0ad2955626b7ca0ed6342aaba324b4de25fcb805ed7f85307844f8

    SHA512

    709cdd4a72c601822e61a0231893de2ecc94f8efcca97ba1e133f31347edb1c4bbf49918d17213c943d87b18d764ac53434cd8c3937ce6c48dff3dc4bceaa12f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    04ecedfd5b3d5c0d189f7889fe0785cb

    SHA1

    479acdae9124ce87ddfae0922069b60756832eb5

    SHA256

    db7d22c7568b96c78cc2117a29e5108cb809db788e5c2524afecbda7c1db7bce

    SHA512

    1c5f7f64d93c8584c5062d06b2e714754d56d733a48578d7b59dfa66aef5f8baad4c3ecdda312faae159d6678e101b06d4a994561d155a5edcfcfd0a632a5288

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f39688841275867a0063abe5cecbd83e

    SHA1

    6dec14ff61f42a6c00629b0e535ff4836c75e1a4

    SHA256

    cc5ff8c4c6430f7fcaeb4e22544c0c77a0b210244a4f725f5eff6c8c8f22bab2

    SHA512

    fcd8bbc0d81fbf7baf9117d8e26a36357ee34b089f55b3caf32226ca2a7d2f4e5ec079fef8d6baeb352c1a69d222fdc800b1db2933a8273bba8d3ad490bfff6a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    01adc07048e9337978f94789e4083414

    SHA1

    239b2f6e7bb2fd17470e128e719284293f5393ec

    SHA256

    aa2c66d1df797780b0288c3f8c476e1a6807d609f1cb3422ac6644ad06ebf6d6

    SHA512

    07d62542efddbb0ee728b60b136301ab9c00f948c8479e39aa4a16f1986174a6ae4a2836ec76883fc1d934670b200b02d6a41d5e39e2a5d595f73c23c24332ea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5b471d753bfe398ad944990df27c2082

    SHA1

    ed532b4ced00a5d834eec206c97251ee0ba4cbc4

    SHA256

    86f36a04fbb1b55db161c4d7925b8848eec6f0629650f2434534daa08672142c

    SHA512

    89975dc55521e541ec57373fb1ff3c168f52c4dc6bb754d57157df2695c9fdaa541e1a036f237b2637bbfdac78e9cec483d747661adf1ff48544259d535416d8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab1F7.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2B9.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • memory/2100-3-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2100-4-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2100-1-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2100-0-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2100-2-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2100-5-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2100-12-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2960-6-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2960-13-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2960-16-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2960-20-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download