Overview

overview

10

Static

static

3

suspect.exe

windows10-1703-x64

10

suspect.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    23s
  • max time network
    30s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    22/05/2024, 16:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    suspect.exe

  • Size

    1.4MB

  • MD5

    eb9b5a9fb84c5eb9527d724cd9c14118

  • SHA1

    d166e843d328dd358ea748c652e3e422fec001a7

  • SHA256

    6b1f5e73fbad2351b4183b20fc4626d75d475fb3c95ee538ae5507f61ac7f0c5

  • SHA512

    26412f140d5f619f17e705568e6b99d2c8c469b83803edd9fad2559298fb7320b9bc4d60b66a4d4880ca75b9f17fefd5a755a18d0d6dbf2d9768bcc97cec8944

  • SSDEEP

    12288:waBBmsOOeuu8AAU5igKjyRM5LZIBFNOdYbJt1vuE:TGB8pw+e6Ioav1G

Score
10/10
observerstealer

Malware Config

Extracted

Family

observer

C2

http://91.103.252.17:8912

Signatures

  • Observer

    Observer is an infostealer written in C++.

    stealerobserver
  • Program crash 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\suspect.exe
    "C:\Users\Admin\AppData\Local\Temp\suspect.exe"
    1⤵
      PID:4540
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 288
        2⤵
        • Program crash
        PID:4456
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 280
        2⤵
        • Program crash
        PID:4944

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4540-0-0x00000000001D0000-0x00000000001D5000-memory.dmp

      Filesize

      20KB

      Download

    • memory/4540-1-0x0000000000400000-0x0000000000570000-memory.dmp

      Filesize

      1.4MB

      Download