Analysis

  • max time kernel
    121s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    21-05-2024 19:17

General

  • Target

    94b0daad5c1ec0220cdcd939c635b3576ac4d1736925fbae6363882a139a5079.exe

  • Size

    25KB

  • MD5

    dd3f2c3ee2a296547f6c7411bb562299

  • SHA1

    404e2857fcd2b7e105c39f725298e35e3c8425f3

  • SHA256

    94b0daad5c1ec0220cdcd939c635b3576ac4d1736925fbae6363882a139a5079

  • SHA512

    f3518c6be30bfa0c2f3fcb91e4292335b3bc585f4e7bad8b32006b6115767bc92e9529c695a494d685187bf7732b1ec7618071568eeb4457082955f0d8be38cd

  • SSDEEP

    384:ZQ6J1mIUcCgKY2mPNIrJwIhn7ytQtJUMTNOt894boE9K/mKHboIlY:ZQym55gKGPNSHftJDhEvKHbo9

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\94b0daad5c1ec0220cdcd939c635b3576ac4d1736925fbae6363882a139a5079.exe
    "C:\Users\Admin\AppData\Local\Temp\94b0daad5c1ec0220cdcd939c635b3576ac4d1736925fbae6363882a139a5079.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • NTFS ADS
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1252
    • C:\Windows\spoolsv.exe
      "C:\Windows\spoolsv.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • NTFS ADS
      • Suspicious use of AdjustPrivilegeToken
      PID:1424

Downloads

  • C:\Users\Admin\AppData\Local\Temp\utjabgtUFjfC3PZ.exe

    Filesize

    25KB

    MD5

    87690d828200b3ac31795acb69e90f07

    SHA1

    004f64013ae9b60795e972ac74f956f0f38d61d6

    SHA256

    3564d4af4d7c79363f42aa8668091f15b1a4813cebebe3528094dfed00bc1753

    SHA512

    8f8099b7a9dab0e3db5a67a727e3fea158e99b4c768ae85aac071c0ccae915fe2d35042572a10c4fb9fc935e042d1541202d17e6655b566b5a397edb6108c794

  • C:\Windows\spoolsv.exe

    Filesize

    25KB

    MD5

    7a2c35cdb6fff964eee17f0057475e2f

    SHA1

    4252e05e7295f8335a1a21de1255727de12c3cfa

    SHA256

    bdefea247921a91269fbfd1db990172c296db6e29fab4ed6e6378e85f3f49369

    SHA512

    fc1442df06bb9c691bd14cfb057ed838afe2a1b7f1c00e01a60c6b0122d3f7451c80d6d8dee3fabd0594f9538f4c8a754886f7e3d7e9c0fbee991927c51d8b1a