Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21-05-2024 19:17

General

  • Target

    94b0daad5c1ec0220cdcd939c635b3576ac4d1736925fbae6363882a139a5079.exe

  • Size

    25KB

  • MD5

    dd3f2c3ee2a296547f6c7411bb562299

  • SHA1

    404e2857fcd2b7e105c39f725298e35e3c8425f3

  • SHA256

    94b0daad5c1ec0220cdcd939c635b3576ac4d1736925fbae6363882a139a5079

  • SHA512

    f3518c6be30bfa0c2f3fcb91e4292335b3bc585f4e7bad8b32006b6115767bc92e9529c695a494d685187bf7732b1ec7618071568eeb4457082955f0d8be38cd

  • SSDEEP

    384:ZQ6J1mIUcCgKY2mPNIrJwIhn7ytQtJUMTNOt894boE9K/mKHboIlY:ZQym55gKGPNSHftJDhEvKHbo9

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\94b0daad5c1ec0220cdcd939c635b3576ac4d1736925fbae6363882a139a5079.exe
    "C:\Users\Admin\AppData\Local\Temp\94b0daad5c1ec0220cdcd939c635b3576ac4d1736925fbae6363882a139a5079.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • NTFS ADS
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:936
    • C:\Windows\spoolsv.exe
      "C:\Windows\spoolsv.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • NTFS ADS
      • Suspicious use of AdjustPrivilegeToken
      PID:2820

Network

MITRE ATT&CK Matrix ATT&CK v13

Persistence

  • Boot or Logon Autostart Execution (T1547): 1
    • Registry Run Keys / Startup Folder (T1547.001): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1
    • Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion

  • Modify Registry (T1112): 1

Credential Access

  • Unsecured Credentials (T1552): 1
    • Credentials In Files (T1552.001): 1

Collection

  • Data from Local System (T1005): 1

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
    Filesize

    348KB

    MD5

    c9c5d23bd34e287dbc61bc2410ecb5b8

    SHA1

    58fa56a94314116b308e7634999a09eca5668eda

    SHA256

    6f5d19a0d2749344ad67da922ae17cc9e2a3fbb9bf4f402d9929625ff2cf810e

    SHA512

    fe7d5a83d34ebcf202ca25723c4f0f231d5038831e5a6b70da1439e9042dae320330e7af49bb62240835f1f79bd2fb29f3ed45e67723a31a65bdc1b7b89fac98

  • C:\Users\Admin\AppData\Local\Temp\OlQfWp0LoZreQOR.exe
    Filesize

    25KB

    MD5

    aee80d51d927119157c97ed1a830ddcb

    SHA1

    c06a34beeaf63f119d7561d5a29e20e0861e66f1

    SHA256

    e8f22d262fc961a0b8206763e52da57d0a938716f6fb6c6dbcc5a35f8b21e7a2

    SHA512

    7b4aaf88e9719f5f32682c0e83ba5d85e0db3b2bf5a9251f7a4b87063d05c6374ca3857445911351e09974dd696b3019ff5e8515bfcca2b3acb0e3d1ce7368f3

  • C:\Windows\spoolsv.exe
    Filesize

    25KB

    MD5

    7a2c35cdb6fff964eee17f0057475e2f

    SHA1

    4252e05e7295f8335a1a21de1255727de12c3cfa

    SHA256

    bdefea247921a91269fbfd1db990172c296db6e29fab4ed6e6378e85f3f49369

    SHA512

    fc1442df06bb9c691bd14cfb057ed838afe2a1b7f1c00e01a60c6b0122d3f7451c80d6d8dee3fabd0594f9538f4c8a754886f7e3d7e9c0fbee991927c51d8b1a